Description
A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.
Published: 2025-09-15
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

A flaw in input validation can cause an application to crash, resulting in a denial‑of‑service condition. The weakness is a classic input validation flaw (CWE‑20) that allows an attacker to supply malformed data that the system does not handle correctly. An impacted application that receives the malformed data can be forced to terminate, rendering either the app or the underlying system unresponsive until a restart or recovery action occurs.

Affected Systems

Apple’s operating systems are affected. The vulnerability applies to iOS and iPadOS running any version prior to 18.7, and to macOS versions prior to Sequoia 15.7, Sonoma 14.8, and Tahoe 26. Each of these platforms includes the operating system itself and any applications that rely on the affected system components.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity. The EPSS score shows an exploitation probability of less than 1 percent, suggesting that the vulnerability is not widely leveraged in the wild. It is not listed in the CISA KEV catalog. The likely attack vector is application‑level; a malicious app or specially crafted payload can trigger the crash. Because the flaw is limited to proper validation of input, an attacker does not gain code execution or elevated privileges; the primary impact is service disruption.

Generated by OpenCVE AI on April 28, 2026 at 10:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the operating system to iOS 18.7, iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26 or later
  • Enable automatic system updates to receive future security patches promptly
  • If denial‑of‑service symptoms persist after updating, contact Apple support for further assistance

Generated by OpenCVE AI on April 28, 2026 at 10:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-29289 A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service.
History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service. A denial-of-service issue was addressed with improved validation. This issue is fixed in iOS 18.7 and iPadOS 18.7, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to cause a denial-of-service.
References

Tue, 04 Nov 2025 02:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service. A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service.

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 17 Sep 2025 13:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Wed, 17 Sep 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Tahoe
Vendors & Products Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Tahoe

Tue, 16 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description A denial-of-service issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, iOS 18.7 and iPadOS 18.7. An app may be able to cause a denial-of-service.
References

Subscriptions

Apple Ios Ipados Iphone Os Macos Macos Sequoia Macos Sonoma Macos Tahoe
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:55.644Z

Reserved: 2025-04-16T15:24:37.103Z

Link: CVE-2025-43299

cve-icon Vulnrichment

Updated: 2025-11-03T18:10:27.027Z

cve-icon NVD

Status : Modified

Published: 2025-09-15T23:15:33.013

Modified: 2026-04-02T19:20:22.120

Link: CVE-2025-43299

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T10:45:29Z

Weaknesses