Description
A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes.
Published: 2025-11-04
Score: 2.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial-of-Service via unprivileged process terminating root processes
Action: Apply Update
AI Analysis

Impact

This vulnerability allows an unprivileged process to terminate root processes, resulting in a denial‑of‑service condition. The weakness is based on improper input validation and is documented as CWE‑20. The impact is limited to service disruption with no known confidentiality or integrity compromise.

Affected Systems

Apple iOS and iPadOS devices running versions older than 18.7.2 and older than iOS/iPadOS 26 are affected. The issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, as well as in iOS 26 and iPadOS 26.

Risk and Exploitability

The CVSS score of 2.8 classifies the vulnerability as low severity. The EPSS score of less than 1% indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, and the likely attack vector is local: an attacker with access to run an unprivileged process on the device could exploit the flaw to terminate root processes and cause a DoS.

Generated by OpenCVE AI on April 27, 2026 at 23:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to iOS 18.7.2 or newer or iPadOS 18.7.2 or newer, which contain the fix for the input validation issue.
  • If updating is not immediately possible, limit the execution of untrusted or custom applications to reduce the risk of a local attacker gaining the necessary foothold.
  • Ensure that System Integrity Protection and other native security features are enabled to block privileged process termination attempts from unprivileged code.

Generated by OpenCVE AI on April 27, 2026 at 23:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
Title Denial-of-Service Vulnerability Enabling Unprivileged Process to Terminate Root Processes in iOS and iPadOS

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An unprivileged process may be able to terminate a root processes. A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes.
References

Wed, 05 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 05 Nov 2025 18:45:00 +0000

Type Values Removed Values Added
Description A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes. A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An unprivileged process may be able to terminate a root processes.
References

Tue, 04 Nov 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Vendors & Products Apple
Apple ios
Apple ipados

Tue, 04 Nov 2025 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics cvssV3_1

{'score': 2.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26. An unprivileged process may be able to terminate a root processes.
References

Subscriptions

Apple Ios Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:51.978Z

Reserved: 2025-04-16T15:24:37.113Z

Link: CVE-2025-43365

cve-icon Vulnrichment

Updated: 2025-11-04T12:55:15.107Z

cve-icon NVD

Status : Modified

Published: 2025-11-04T02:15:44.037

Modified: 2026-04-02T19:20:34.170

Link: CVE-2025-43365

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-27T23:15:06Z

Weaknesses