CVE-2025-43531

A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, tvOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/125884	Release Notes Vendor Advisory
https://support.apple.com/en-us/125885	Release Notes Vendor Advisory
https://support.apple.com/en-us/125886	Release Notes Vendor Advisory
https://support.apple.com/en-us/125889	Release Notes Vendor Advisory
https://support.apple.com/en-us/125890	Release Notes Vendor Advisory
https://support.apple.com/en-us/125891	Release Notes Vendor Advisory
https://support.apple.com/en-us/125892	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

18 Dec 2025, 19:24

Type	Values Removed	Values Added
CPE		cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:a:apple:safari:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:macos::::::::
CWE		CWE-362
First Time		Apple tvos Apple safari Apple ipados Apple watchos Apple iphone Os Apple visionos Apple macos Apple
References	~~() https://support.apple.com/en-us/125884 -~~	() https://support.apple.com/en-us/125884 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/125885 -~~	() https://support.apple.com/en-us/125885 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/125886 -~~	() https://support.apple.com/en-us/125886 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/125889 -~~	() https://support.apple.com/en-us/125889 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/125890 -~~	() https://support.apple.com/en-us/125890 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/125891 -~~	() https://support.apple.com/en-us/125891 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/125892 -~~	() https://support.apple.com/en-us/125892 - Release Notes, Vendor Advisory

17 Dec 2025, 22:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.1

17 Dec 2025, 21:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-17 21:16

Updated : 2026-01-07 16:15

NVD link : CVE-2025-43531

Mitre link : CVE-2025-43531

CVE.ORG link : CVE-2025-43531

JSON object : View

Products Affected

apple

watchos
safari
iphone_os
visionos
tvos
ipados
macos

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

3.1 /10