Description
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Published: 2025-09-15
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via Crash
Action: Update
AI Analysis

Impact

A path handling issue in Apple Xcode was addressed with improved validation. An overly large path value may cause the Xcode process to crash, resulting in a denial of service. The weakness involves improper bounds checking on input strings, which is identified as CWE-120.

Affected Systems

The vulnerability affects Apple Xcode, with the issue fixed starting in Xcode 26. No specific release versions are listed as vulnerable, and the description does not provide additional version constraints. Systems running older Xcode versions may be susceptible.

Risk and Exploitability

The CVSS score of 4 indicates medium severity. The EPSS score of less than 1% suggests a very low likelihood of exploitation in the wild, and the CVE is not catalogued in CISA KEV. The attack vector appears to require local execution or manipulation of Xcode input files, so an attacker would need access to the user environment or the ability to submit large path values through Xcode interfaces.

Generated by OpenCVE AI on April 28, 2026 at 10:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Xcode 26 or a later release in which the path validation bug is fixed.
  • Avoid creating or opening projects or source files with unusually long directory paths in Xcode until an update is available.
  • Monitor Apple support and security advisories for any additional patches or workarounds.

Advisories
Source | ID | Title
EUVD | EUVD-2025-29348 | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.

History

Mon, 03 Nov 2025 19:30:00 +0000

Type | Values Removed | Values Added
References | |

Wed, 17 Sep 2025 14:15:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple; Apple xcode
Vendors & Products | | Apple; Apple xcode

Tue, 16 Sep 2025 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 16 Sep 2025 15:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-120
Metrics | | cvssV3_1: {'score': 4.0, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Mon, 15 Sep 2025 22:45:00 +0000

Type | Values Removed | Values Added
Description | | A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
References | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:08:15.385Z

Reserved: 2025-04-16T15:24:37.114Z

Link: CVE-2025-43370

Vulnrichment

Updated: 2025-09-16T15:00:54.797Z

NVD

Status: Modified

Published: 2025-09-15T23:15:38.667

Modified: 2025-11-03T19:16:05.230

Link: CVE-2025-43370

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T11:00:14Z

Weaknesses