COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-43520

CVE-2025-43520

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-03-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-43520
⌖ exploited in the wild shame 45/100 exploited-in-wildsupply-chainunpatched

Apple's iOS/macOS family contains a classic buffer overflow vulnerability actively exploited by ransomware groups.

A classic buffer overflow in Apple's iOS, macOS, and related OSes allows malicious apps to crash systems or write to kernel memory, creating a high-risk attack surface for DIB vendors relying on Apple hardware/software. This vulnerability is actively exploited in the wild, requiring immediate patching and supply chain vetting to prevent unauthorized access to sensitive data.

Shame score — While not a zero-day, the active exploitation of a classic buffer overflow in widely used Apple products poses significant supply chain risk for DIB organizations.

Players implicated

apple · vendorMultiple Products · product

Description

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.