{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43537", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:27:21.198Z", "datePublished": "2026-02-11T22:57:59.635Z", "dateUpdated": "2026-04-02T18:07:09.734Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Restoring a maliciously crafted backup file may lead to modification of protected system files"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.7.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.2", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2. Restoring a maliciously crafted backup file may lead to modification of protected system files."}], "references": [{"url": "https://support.apple.com/en-us/125884"}, {"url": "https://support.apple.com/en-us/126347"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:07:09.734Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-22", "lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-12T14:50:55.467745Z", "id": "CVE-2025-43537", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T20:52:33.264Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DF4C0EE-C67C-4BA1-BB50-C51DEC72E486", "versionEndExcluding": "18.7.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "273784FD-F8F0-466D-AF6E-5511FF3781B7", "versionEndExcluding": "18.7.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2. Restoring a maliciously crafted backup file may lead to modification of protected system files."}, {"lang": "es", "value": "Se abord\u00f3 un problema de manejo de rutas con validaci\u00f3n mejorada. Este problema se corrigi\u00f3 en iOS 18.7.5 y iPadOS 18.7.5. Restaurar un archivo de copia de seguridad creado maliciosamente puede llevar a la modificaci\u00f3n de archivos de sistema protegidos."}], "id": "CVE-2025-43537", "lastModified": "2026-04-02T19:21:01.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-11T23:16:02.300", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/125884"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126347"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,18.7)"}}], "product": "ios_and_ipados", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-04-22T20:03:40.131253+00:00", "value": {"mitigation_remediation": ["Update the device to iOS\u202f18.7.5, iOS\u202f26.2, iPadOS\u202f18.7.5, or iPadOS\u202f26.2 to apply the fix.", "Avoid restoring backups from untrusted or unknown sources until after updating the OS.", "Verify that backup files are encrypted and sourced from legitimate backups before restoration."], "summary": {"action": "Patch", "impact": "Modification of protected system files"}, "threat_synthesis": {"affected_systems": "Apple iOS and iPadOS devices running any version older than iOS\u202f18.7.5 or iPadOS\u202f18.7.5 (and older than iOS\u202f26.2 or iPadOS\u202f26.2) are susceptible. Devices with those older releases must be considered vulnerable until an update is applied.", "description_and_impact": "A path handling flaw in iOS and iPadOS devices permits an attacker to craft a malicious backup file that, when restored, can modify protected system files. This flaw is a path traversal weakness (CWE\u201122) that directly compromises system integrity. The vulnerability does not affect confidentiality or availability but allows an attacker to alter critical OS files, potentially undermining device stability and security.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate risk level. The EPSS score below 1\u202f% suggests that exploitation is unlikely but possible. The catalog entry is not currently listed in CISA\u2019s KEV. The flaw is exploitable locally by restoring a crafted backup file; an attacker needs access to the device\u2019s backup restoration process or a compromised backup file. Once the backup is restored, the attacker can modify protected system files, compromising integrity."}}}}, "created": "2026-02-12T09:03:09.740445+00:00", "title": "Backup Restoration Path Handling Issue Allows Modification of Protected System Files", "updated": "2026-04-22T20:15:20.524267+00:00", "vendors": ["apple", "apple$PRODUCT$ios_and_ipados"]}