Description
A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service.
Published: 2025-11-04
Score: 4.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Apple's advisory describes a buffer overflow in Xcode that an attacker in a privileged network position can trigger to cause a denial of service, i.e. to crash the affected Xcode component. Apple addressed it with improved bounds checking, and the fix ships in Xcode 26.1. NVD classifies the weakness as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The recorded CVSS vector scores only availability (C:N/I:N/A:H), so no confidentiality or integrity effect is claimed.

Affected Systems

Apple's Xcode IDE, which runs on macOS, is affected in versions before 26.1. The CPE recorded for the CVE (cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*) is an unbounded wildcard, so no earliest affected version is given, and Apple's advisory does not name the vulnerable component. Xcode 26.1 is the only fixed version listed.

Risk and Exploitability

The CVSS 3.1 base score of 4.9 (Medium) comes from the vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H: network attack vector and low complexity, but high privileges required and an availability-only impact, which is what holds the score in the Medium band. The EPSS estimate is below 1 %, the CVE is not in the CISA KEV catalog, and the SSVC record lists Exploitation: none and Automatable: no. Apple's phrase "a user in a privileged network position" is its usual wording for an attacker able to intercept or tamper with the victim's network traffic; the NVD vector encodes that precondition as PR:H. Nothing on the page identifies which Xcode component handles the attacker-influenced data.

Generated by OpenCVE AI on April 22, 2026 at 21:28 UTC.

Remediation

Vendor fix: Apple fixed the issue in Xcode 26.1, as the description above states. No workaround is listed.

OpenCVE Recommended Actions

  • Update to Xcode 26.1 or a later release; that release carries the bounds-checking fix. Xcode is distributed through the Mac App Store and Apple Developer downloads, and `xcodebuild -version` reports the version of the installation currently selected with xcode-select.
  • Until the update is applied, reduce exposure to the precondition rather than to a "component": the attacker must hold a privileged network position, so keep developer machines running older Xcode off untrusted networks (or on a VPN). The advisory does not say which Xcode feature processes the attacker-influenced data, so there is no finer-grained control to disable.
  • The impact is a crash of a desktop application, not an outage of a network service. Recurring unexplained Xcode crashes on machines still below 26.1 are worth a look in the crash reports, but that is a detection aid, not a mitigation; the fix is the update.

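The first recommended action above reduces to one check: is the selected Xcode at or past 26.1? The following is an added example, not code from the OpenCVE page or from Apple. It parses the two-line output of `xcodebuild -version` ("Xcode <version>" then "Build version <id>") and compares the version with 26.1; the sample outputs embedded in it are constructed for the demonstration, and their build identifiers are placeholders rather than real Apple build numbers.

```python
"""Gate check: is the selected Xcode at or past the release named as fixed?

Added example, not code from the OpenCVE page or from Apple. Parses the output
of `xcodebuild -version` and compares the version against 26.1, the release the
advisory names as fixed. The SAMPLES below are constructed; their build
identifiers are placeholders.
"""
import re
import shutil
import subprocess
from typing import Optional

FIXED_IN = (26, 1)  # advisory: "This issue is fixed in Xcode 26.1."

# First line of `xcodebuild -version` is "Xcode <major>[.<minor>[.<patch>]]".
_VERSION_RE = re.compile(r"^Xcode\s+(\d+(?:\.\d+)*)", re.MULTILINE)


def parse_xcode_version(output: str) -> tuple[int, ...]:
    """Return the numeric version tuple from `xcodebuild -version` output."""
    m = _VERSION_RE.search(output)
    if m is None:
        raise ValueError(f"no 'Xcode <version>' line in: {output!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_fixed(version: tuple[int, ...], fixed_in: tuple[int, ...] = FIXED_IN) -> bool:
    """True when version >= fixed_in. Short tuples are zero-padded so that
    (26,) compares as 26.0, which is still below 26.1."""
    width = max(len(version), len(fixed_in))
    padded_version = version + (0,) * (width - len(version))
    padded_fixed = fixed_in + (0,) * (width - len(fixed_in))
    return padded_version >= padded_fixed


def assess(output: str) -> str:
    """Classify `xcodebuild -version` output as 'patched' or 'vulnerable'."""
    return "patched" if is_fixed(parse_xcode_version(output)) else "vulnerable"


def selected_xcode_output() -> Optional[str]:
    """Run the real `xcodebuild -version`, or return None where it is absent or
    fails (e.g. no Xcode selected). Only the xcode-select'ed install is reported."""
    if shutil.which("xcodebuild") is None:
        return None
    try:
        proc = subprocess.run(["xcodebuild", "-version"], capture_output=True,
                              text=True, check=True, timeout=30)
    except (subprocess.CalledProcessError, subprocess.TimeoutExpired):
        return None
    return proc.stdout


# Constructed sample outputs; "0000000" stands in for a real build identifier.
SAMPLES = {
    "old": "Xcode 16.4\nBuild version 0000000\n",
    "fixed": "Xcode 26.1\nBuild version 0000000\n",
    "newer": "Xcode 26.2\nBuild version 0000000\n",
}

if __name__ == "__main__":
    for label, out in SAMPLES.items():
        version = ".".join(map(str, parse_xcode_version(out)))
        print(f"{label:>5}: Xcode {version} -> {assess(out)}")
    live = selected_xcode_output()
    print("this machine:", assess(live) if live else "xcodebuild not found")
```

One caveat the check cannot cover: a machine with several Xcode.app bundles reports only the one xcode-select points at, so on shared build hosts run it once per installation (e.g. after `xcode-select -s` to each path) rather than trusting a single result.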

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 21:45:00 +0000

  Type                | Values Removed | Values Added
  Title               |                | Buffer Overflow Causing Denial of Service in Xcode

Tue, 04 Nov 2025 16:30:00 +0000

  Type                | Values Removed | Values Added
  First Time appeared |                | Apple; Apple xcode
  CPEs                |                | cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*
  Vendors & Products  |                | Apple; Apple xcode

Tue, 04 Nov 2025 13:15:00 +0000

  Type                | Values Removed | Values Added
  Weaknesses          |                | CWE-119
  Metrics             |                | cvssV3_1: {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}
                      |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 01:45:00 +0000

  Type                | Values Removed | Values Added
  Description         |                | A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:09.762Z

Reserved: 2025-04-16T15:27:21.193Z

Link: CVE-2025-43504

Vulnrichment

Updated: 2025-11-04T13:07:10.369Z

NVD

Status: Analyzed

Published: 2025-11-04T02:15:53.370

Modified: 2025-11-04T16:22:02.140

Link: CVE-2025-43504

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T21:30:27Z

Weaknesses