CVE-2025-43534

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/125884	Release Notes Vendor Advisory
https://support.apple.com/en-us/126793	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::

History

25 Mar 2026, 20:00

Type	Values Removed	Values Added
References	~~() https://support.apple.com/en-us/125884 -~~	() https://support.apple.com/en-us/125884 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/126793 -~~	() https://support.apple.com/en-us/126793 - Release Notes, Vendor Advisory
First Time		Apple ipados Apple Apple iphone Os
CPE		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os::::::::

25 Mar 2026, 19:16

Type	Values Removed	Values Added
CWE		CWE-284
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.8

25 Mar 2026, 01:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-25 01:17

Updated : 2026-03-25 20:00

NVD link : CVE-2025-43534

Mitre link : CVE-2025-43534

CVE.ORG link : CVE-2025-43534

JSON object : View

Products Affected

apple

iphone_os
ipados

CWE

CWE-284

Improper Access Control

6.8 /10