Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Published: 2025-08-21
Score: 10 Critical
EPSS: 4.5% Low
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write was discovered in the image‑processing component of Apple’s operating systems when handling malicious image files. The flaw allows a crafted image to overwrite adjacent memory, resulting in arbitrary memory corruption. Because the corrupted memory can influence program control flow, the vulnerability is rated as a high‑risk condition capable of granting an attacker the ability to execute arbitrary code or otherwise disrupt system functionality. It is classified under CWE‑787.

Affected Systems

Patch notes indicate that the vulnerability exists in iOS versions 15.8.5, 16.7.12 and 18.6.2, as well as their iPadOS counterparts (15.8.5, 16.7.12, 18.6.2, 17.7.10). For macOS, the affected releases include macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. Devices running earlier builds than these specified versions are likely vulnerable.

Risk and Exploitability

Apple reports that the flaw has been leveraged in a highly sophisticated attack against a specific group of targets. The CVSS base score of 10 underscores the maximum severity, while a 4% EPSS suggests a non‑negligible likelihood of exploitation in the wild. Because the flaw is triggered by processing image data, an attacker could deliver the malicious file via email attachments, web content, or any service that renders images on the device. Being listed in the CISA KEV catalog further confirms that the vulnerability is actively exploited, making immediate remediation imperative.

Generated by OpenCVE AI on May 7, 2026 at 15:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security updates for iOS, iPadOS, and macOS that include the fix (iOS 15.8.5+, 16.7.12+, 18.6.2+, iPadOS 15.8.5+, 16.7.12+, 18.6.2+, 17.7.10+, macOS Sequoia 15.6.1+, Sonoma 14.7.8+, Ventura 13.7.8+).
  • Until the update is installed, avoid opening or viewing image files from untrusted or unknown sources, and consider using a sandboxed or separate user context for visualizing potentially malicious content.
  • Monitor device logs for abnormal memory corruption events or crashes that could indicate exploitation attempts, and apply any additional system hardening guidelines provided by Apple.

Generated by OpenCVE AI on May 7, 2026 at 15:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-25409 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
History

Thu, 07 May 2026 15:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑bounds Write in Image Processing Leading to Memory Corruption

Tue, 28 Apr 2026 00:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑bounds Write in Image Processing Leading to Memory Corruption

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
References

Wed, 26 Nov 2025 14:15:00 +0000

Type Values Removed Values Added
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 23:15:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Tue, 16 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Mon, 15 Sep 2025 23:30:00 +0000

Type Values Removed Values Added
References

Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
References

Tue, 26 Aug 2025 05:30:00 +0000

Type Values Removed Values Added
References

Fri, 22 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Thu, 21 Aug 2025 17:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-08-21T00:00:00+00:00', 'dueDate': '2025-09-11T00:00:00+00:00'}

Thu, 21 Aug 2025 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 21 Aug 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura
Vendors & Products Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura

Thu, 21 Aug 2025 00:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
References

Subscriptions

Apple Ios Ipados Iphone Os Macos Macos Sequoia Macos Sonoma Macos Ventura
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:17:25.587Z

Reserved: 2025-04-16T15:24:37.104Z

Link: CVE-2025-43300

cve-icon Vulnrichment

Updated: 2025-11-04T22:06:35.976Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-21T01:15:36.243

Modified: 2026-04-03T14:28:33.887

Link: CVE-2025-43300

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T15:30:06Z

Weaknesses