Description
This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Published: 2025-06-16
Score: 4.2 Medium
EPSS: < 1% Very Low
KEV: Yes
Impact: Potential malicious code execution via a maliciously crafted photo or video shared through an iCloud link
Action: Apply Update
AI Analysis

Impact

The vulnerability is a logic flaw that arises when Apple’s iOS, iPadOS, macOS, visionOS, or watchOS processes a maliciously crafted photo or video that is shared via an iCloud link. The flaw may allow an attacker to execute code or otherwise compromise the device, because the system trusts media received from iCloud links before applying security checks. Apple reports that the flaw may have already been exploited in a highly sophisticated attack against targeted individuals, indicating the possibility of serious compromise.

Affected Systems

Affected Apple operating systems include iOS 15.8.4, 16.7.11, and 18.3.1; iPadOS 15.8.4, 16.7.11, 18.3.1, and 17.7.5; macOS Sequoia 15.3.1, Sonoma 14.7.4, and Ventura 13.7.4; visionOS 2.3.1; and watchOS 11.3.1.

Risk and Exploitability

The CVSS score of 4.2 indicates a moderate risk level, and the EPSS score of less than 1% suggests that exploitation is unlikely to be widespread. However, the listing in CISA’s KEV catalog confirms that real-world attacks have occurred. The likely attack vector is delivering a malicious iCloud link through email, messaging, or social engineering, allowing the attacker to exploit the logic flaw when the target opens the link. Successful exploitation could lead to code execution, data theft, or persistent infection.

Generated by OpenCVE AI on April 28, 2026 at 01:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the affected Apple operating system to a version that includes the fix
  • If updating is not immediately possible, avoid opening iCloud links from untrusted or unknown sources and consider strengthening iCloud sharing settings
  • Monitor the device for unusual activity such as unexpected network connections, unfamiliar applications, or changes to system behavior

Generated by OpenCVE AI on April 28, 2026 at 01:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-18428 This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
History

Tue, 28 Apr 2026 01:45:00 +0000

Type Values Removed Values Added
Title Logic Issue in iCloud Photo/Video Processing Leading to Potential Exploitation
Weaknesses CWE-20

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Wed, 29 Oct 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}

 cvssV3_1

{'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N'}

Tue, 21 Oct 2025 23:15:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00625}

 epss

{'score': 0.00438}

Tue, 17 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple visionos
Apple watchos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple visionos
Apple watchos

Tue, 17 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}

kev

{'dateAdded': '2025-06-16'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Jun 2025 21:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
References

Subscriptions

Apple Ios Ipados Iphone Os Macos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:25:24.222Z

Reserved: 2025-04-16T15:24:37.088Z

Link: CVE-2025-43200

cve-icon Vulnrichment

Updated: 2025-06-17T13:19:26.556Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-16T22:16:41.120

Modified: 2026-04-03T14:29:07.400

Link: CVE-2025-43200

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T01:30:17Z

Weaknesses