๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2025-43520: Apple Multiple Products Classic Buffer Overflow Vulnerability
Summary
A buffer overflow vulnerability (a programming error where data overflows its allocated memory space) affects multiple Apple products including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS. A malicious app could exploit this to crash the system or write malicious code directly into kernel memory (the core of the operating system). This vulnerability is actively being exploited by attackers in the wild.
Solution / Mitigation
Apply mitigations per Apple's vendor instructions (referenced in support documents), follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. The deadline for remediation is April 3, 2026.
Vulnerability Details
EPSS: 0.0%
Yes
๐ฅ Actively Exploited
March 19, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-43520
First tracked: March 20, 2026 at 02:00 PM
Classified by LLM (prompt v3) ยท confidence: 65%