Vulnerability-Lookup

CVE-2025-43356 (GCVE-0-2025-43356)

Vulnerability from cvelistv5 – Published: 2025-09-15 22:34 – Updated: 2025-11-04 21:10

Summary

The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26, iOS 18.7 and iPadOS 18.7. A website may be able to access sensor information without user consent.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE

A website may be able to access sensor information without user consent

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/125108
	https://support.apple.com/en-us/125109
	https://support.apple.com/en-us/125113
	https://support.apple.com/en-us/125114
	https://support.apple.com/en-us/125115
	https://support.apple.com/en-us/125116

Impacted products

Vendor

Product

Version

Apple

iOS and iPadOS

Affected: unspecified , < 26 (custom)

Apple	iOS and iPadOS	Affected: unspecified , < 18.7 (custom)
Apple	Safari	Affected: unspecified , < 26 (custom)
Apple	tvOS	Affected: unspecified , < 26 (custom)
Apple	visionOS	Affected: unspecified , < 26 (custom)
Apple	watchOS	Affected: unspecified , < 26 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-43356",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T13:39:43.935153Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-16T17:26:16.231Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:10:42.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/57"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/56"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/59"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Sep/49"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/22/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "18.7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "visionOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "26",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26, iOS 18.7 and iPadOS 18.7. A website may be able to access sensor information without user consent."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A website may be able to access sensor information without user consent",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T01:15:54.569Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/125108"
        },
        {
          "url": "https://support.apple.com/en-us/125109"
        },
        {
          "url": "https://support.apple.com/en-us/125113"
        },
        {
          "url": "https://support.apple.com/en-us/125114"
        },
        {
          "url": "https://support.apple.com/en-us/125115"
        },
        {
          "url": "https://support.apple.com/en-us/125116"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2025-43356",
    "datePublished": "2025-09-15T22:34:42.384Z",
    "dateReserved": "2025-04-16T15:24:37.112Z",
    "dateUpdated": "2025-11-04T21:10:42.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2025/Sep/57\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Sep/56\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Sep/53\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Sep/59\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Sep/49\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/09/22/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T21:10:42.964Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-43356\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-16T13:39:43.935153Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-16T13:39:48.775Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"18.7\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"visionOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"26\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/125108\"}, {\"url\": \"https://support.apple.com/en-us/125109\"}, {\"url\": \"https://support.apple.com/en-us/125113\"}, {\"url\": \"https://support.apple.com/en-us/125114\"}, {\"url\": \"https://support.apple.com/en-us/125115\"}, {\"url\": \"https://support.apple.com/en-us/125116\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26, iOS 18.7 and iPadOS 18.7. A website may be able to access sensor information without user consent.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"A website may be able to access sensor information without user consent\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2025-11-04T01:15:54.569Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-43356\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T21:10:42.964Z\", \"dateReserved\": \"2025-04-16T15:24:37.112Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2025-09-15T22:34:42.384Z\", \"assignerShortName\": \"apple\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CVE-2025-43356

Vulnerability from fstec - Published: 15.09.2025

Title

Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным

Description

Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit связана с раскрытием информации. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, получить доступ к конфиденциальным данным

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vendor

ООО «РусБИТех-Астра», Apple Inc., Сообщество свободного программного обеспечения

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), iOS, iPadOS, Safari, MacOS, tvOS, visionOS, watchOS, WPE WebKit, WebKitGTK

Software Version

1.8 (Astra Linux Special Edition), до 18.7 (iOS), до 18.7 (iPadOS), до 26.0 (Safari), до 26.0 (MacOS), до 26.0 (tvOS), до 26.0 (visionOS), до 26.0 (watchOS), до 2.48.7 (WPE WebKit), до 2.48.7 (WebKitGTK)

Possible Mitigations

Использование рекомендаций: Для Apple: https://support.apple.com/en-us/125108 https://support.apple.com/en-us/125109 https://support.apple.com/en-us/125113 https://support.apple.com/en-us/125114 https://support.apple.com/en-us/125115 https://support.apple.com/en-us/125116 Для WPE WebKit: https://webkitgtk.org/security/WSA-2025-0006.html Для WebKitGTK: https://webkitgtk.org/security/WSA-2025-0006.html Для ОС Astra Linux: обновить пакет webkit2gtk до 2.48.7-0ubuntu0.22.04.2.astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-43356 https://security-tracker.debian.org/tracker/CVE-2025-43356 https://support.apple.com/en-us/125108 https://support.apple.com/en-us/125109 https://support.apple.com/en-us/125113 https://support.apple.com/en-us/125114 https://support.apple.com/en-us/125115 https://support.apple.com/en-us/125116 https://webkitgtk.org/security/WSA-2025-0006.html https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18

CWE

CWE-200

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Apple Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.8 (Astra Linux Special Edition), \u0434\u043e 18.7 (iOS), \u0434\u043e 18.7 (iPadOS), \u0434\u043e 26.0 (Safari), \u0434\u043e 26.0 (MacOS), \u0434\u043e 26.0 (tvOS), \u0434\u043e 26.0 (visionOS), \u0434\u043e 26.0 (watchOS), \u0434\u043e 2.48.7 (WPE WebKit), \u0434\u043e 2.48.7 (WebKitGTK)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apple:\nhttps://support.apple.com/en-us/125108\nhttps://support.apple.com/en-us/125109\nhttps://support.apple.com/en-us/125113\nhttps://support.apple.com/en-us/125114\nhttps://support.apple.com/en-us/125115\nhttps://support.apple.com/en-us/125116\n\n\u0414\u043b\u044f WPE WebKit:\nhttps://webkitgtk.org/security/WSA-2025-0006.html\n\n\u0414\u043b\u044f WebKitGTK:\nhttps://webkitgtk.org/security/WSA-2025-0006.html\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.48.7-0ubuntu0.22.04.2.astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.09.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "15.12.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.12.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-15664",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-43356",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043d\u043e\u0433\u043e\u0444\u0430\u043a\u0442\u043e\u0440\u043d\u0430\u044f",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), iOS, iPadOS, Safari, MacOS, tvOS, visionOS, watchOS, WPE WebKit, WebKitGTK",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Apple Inc. iOS \u0434\u043e 18.7 , Apple Inc. iPadOS \u0434\u043e 18.7 , Apple Inc. MacOS \u0434\u043e 26.0 , Apple Inc. tvOS \u0434\u043e 26.0 , Apple Inc. visionOS \u0434\u043e 26.0 , Apple Inc. watchOS \u0434\u043e 26.0 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "Jaydev Ahire",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2025-43356\nhttps://security-tracker.debian.org/tracker/CVE-2025-43356\nhttps://support.apple.com/en-us/125108\nhttps://support.apple.com/en-us/125109\nhttps://support.apple.com/en-us/125113\nhttps://support.apple.com/en-us/125114\nhttps://support.apple.com/en-us/125115\nhttps://support.apple.com/en-us/125116\nhttps://webkitgtk.org/security/WSA-2025-0006.html\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-1113SE18",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

GHSA-PQ66-4888-3QQ9

Vulnerability from github – Published: 2025-09-16 00:30 – Updated: 2025-11-05 00:31

Details

The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A website may be able to access sensor information without user consent.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-43356"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-15T23:15:37Z",
    "severity": "MODERATE"
  },
  "details": "The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A website may be able to access sensor information without user consent.",
  "id": "GHSA-pq66-4888-3qq9",
  "modified": "2025-11-05T00:31:27Z",
  "published": "2025-09-16T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43356"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125108"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125109"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125110"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125113"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125114"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125115"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125116"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/49"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/56"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/57"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/59"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2025/09/22/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2025-43356

Vulnerability from osv_almalinux

Published

2025-10-13 00:00

Modified

2025-10-14 10:09

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43272)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43342)
webkitgtk: A website may be able to access sensor information without user consent (CVE-2025-43356)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43368)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.0-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.0-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.0-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.0-1.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  \n\nSecurity Fix(es):  \n\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43272)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43342)\n  * webkitgtk: A website may be able to access sensor information without user consent (CVE-2025-43356)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43368)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:17802",
  "modified": "2025-10-14T10:09:21Z",
  "published": "2025-10-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:17802"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43272"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43342"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43356"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43368"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397626"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397627"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397628"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397630"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-17802.html"
    }
  ],
  "related": [
    "CVE-2025-43272",
    "CVE-2025-43342",
    "CVE-2025-43356",
    "CVE-2025-43368"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

cve-2025-43356

Vulnerability from osv_almalinux

Published

2025-10-15 00:00

Modified

2025-10-23 12:50

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43272)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43342)
webkitgtk: A website may be able to access sensor information without user consent (CVE-2025-43356)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43368)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43343)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.1-0.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.1-0.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.1-0.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.1-0.el9_6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  \n\nSecurity Fix(es):  \n\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43272)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43342)\n  * webkitgtk: A website may be able to access sensor information without user consent (CVE-2025-43356)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43368)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43343)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:18097",
  "modified": "2025-10-23T12:50:53Z",
  "published": "2025-10-15T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:18097"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43272"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43342"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43343"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43356"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43368"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397626"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397627"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397628"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397630"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403598"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-18097.html"
    }
  ],
  "related": [
    "CVE-2025-43272",
    "CVE-2025-43342",
    "CVE-2025-43356",
    "CVE-2025-43368",
    "CVE-2025-43343"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

cve-2025-43356

Vulnerability from osv_almalinux

Published

2025-11-11 00:00

Modified

2025-11-19 09:22

Summary

Important: webkit2gtk3 security update

Details

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43272)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43342)
webkitgtk: A website may be able to access sensor information without user consent (CVE-2025-43356)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43368)
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43343)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.1-1.el9_7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.1-1.el9_7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.1-1.el9_7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "webkit2gtk3-jsc-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.50.1-1.el9_7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.  \n\nSecurity Fix(es):  \n\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43272)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43342)\n  * webkitgtk: A website may be able to access sensor information without user consent (CVE-2025-43356)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43368)\n  * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43343)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2025:20922",
  "modified": "2025-11-19T09:22:06Z",
  "published": "2025-11-11T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:20922"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43272"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43342"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43343"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43356"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2025-43368"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397626"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397627"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397628"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2397630"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2403598"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-20922.html"
    }
  ],
  "related": [
    "CVE-2025-43272",
    "CVE-2025-43342",
    "CVE-2025-43356",
    "CVE-2025-43368",
    "CVE-2025-43343"
  ],
  "summary": "Important: webkit2gtk3 security update"
}

FKIE_CVE-2025-43356

Vulnerability from fkie_nvd - Published: 2025-09-15 23:15 - Updated: 2025-11-04 22:16

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/125108	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/125109	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/125113	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/125114	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/125115	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/125116	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Sep/49
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Sep/53
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Sep/56
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Sep/57
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2025/Sep/59
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2025/09/22/3

Impacted products

Vendor	Product	Version
apple	safari	*
apple	ipados	*
apple	iphone_os	*
apple	macos	*
apple	tvos	*
apple	visionos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "213D326D-D8FB-4C0B-B3C9-D44E359F5765",
              "versionEndExcluding": "26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5006F7D9-931C-4C7A-960A-C46338855CBB",
              "versionEndExcluding": "18.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "025344A4-9E22-44FD-AF62-67FE85D1C621",
              "versionEndExcluding": "18.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39AFEC84-CF6E-4859-8B5A-C5CF3F838A94",
              "versionEndExcluding": "26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4D5965-C1B7-4C82-AB16-BA4D41F2FBCA",
              "versionEndExcluding": "26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33744A8-68C0-4822-B08E-100911C18404",
              "versionEndExcluding": "26.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66CF3395-7CC9-41FD-8419-815AC6022191",
              "versionEndExcluding": "26.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26, iOS 18.7 and iPadOS 18.7. A website may be able to access sensor information without user consent."
    }
  ],
  "id": "CVE-2025-43356",
  "lastModified": "2025-11-04T22:16:15.147",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-15T23:15:37.530",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/125108"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/125109"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/125113"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/125114"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/125115"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/125116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/49"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/53"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/56"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/57"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2025/Sep/59"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2025/09/22/3"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CNVD-2025-22676

Vulnerability from cnvd - Published: 2025-09-26

Title

多款Apple产品信息泄露漏洞（CNVD-2025-22676）

Description

Apple Safari等都是美国苹果（Apple）公司的产品。Apple Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器。Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。多款Apple产品存在信息泄露漏洞，该漏洞源于缓存处理不当，攻击者可利用该漏洞导致网站未经用户同意访问传感器信息。

Severity

高

Patch Name

多款Apple产品信息泄露漏洞（CNVD-2025-22676）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/en-us/125108 https://support.apple.com/en-us/125109 https://support.apple.com/en-us/125110 https://support.apple.com/en-us/125113 https://support.apple.com/en-us/125114 https://support.apple.com/en-us/125115 https://support.apple.com/en-us/125116

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-43356

Impacted products

Name
['Apple iOS <26', 'Apple iPadOS <26', 'Apple visionOS <26', 'Apple watchOS <26', 'Apple macOS Tahoe <26', 'Apple tvOS <26', 'Apple iOS <18.7', 'Apple iPadOS <18.7', 'Apple Safari <26']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-43356",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-43356"
    }
  },
  "description": "Apple Safari\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple Safari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002 \n\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f13\u5b58\u5904\u7406\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f51\u7ad9\u672a\u7ecf\u7528\u6237\u540c\u610f\u8bbf\u95ee\u4f20\u611f\u5668\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/125108\r\nhttps://support.apple.com/en-us/125109\r\nhttps://support.apple.com/en-us/125110\r\nhttps://support.apple.com/en-us/125113\r\nhttps://support.apple.com/en-us/125114\r\nhttps://support.apple.com/en-us/125115\r\nhttps://support.apple.com/en-us/125116",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-22676",
  "openTime": "2025-09-26",
  "patchDescription": "Apple Safari\u7b49\u90fd\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Apple Safari\u662f\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fMac OS X\u548ciOS\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002Apple iOS\u662f\u4e00\u5957\u4e3a\u79fb\u52a8\u8bbe\u5907\u6240\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple tvOS\u662f\u4e00\u5957\u667a\u80fd\u7535\u89c6\u64cd\u4f5c\u7cfb\u7edf\u3002 \r\n\r\n\u591a\u6b3eApple\u4ea7\u54c1\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f13\u5b58\u5904\u7406\u4e0d\u5f53\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f51\u7ad9\u672a\u7ecf\u7528\u6237\u540c\u610f\u8bbf\u95ee\u4f20\u611f\u5668\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u591a\u6b3eApple\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2025-22676\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple iOS \u003c26",
      "Apple iPadOS \u003c26",
      "Apple visionOS \u003c26",
      "Apple watchOS \u003c26",
      "Apple macOS Tahoe \u003c26",
      "Apple tvOS \u003c26",
      "Apple iOS \u003c18.7",
      "Apple iPadOS \u003c18.7",
      "Apple Safari \u003c26"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-43356",
  "serverity": "\u9ad8",
  "submitTime": "2025-09-18",
  "title": "\u591a\u6b3eApple\u4ea7\u54c1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2025-22676\uff09"
}

CERTFR-2026-AVI-0069

Vulnerability from certfr_avis - Published: 2026-01-21 - Updated: 2026-01-21

De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	Java SE	Oracle Java SE versions 11.0.29, 17.0.17, 21.0.9 et 25.0.1
Oracle	Java SE	Oracle JDK Mission Control version 9.1.1
Oracle	Java SE	Oracle Java SE versions 8u471, 8u471-b50 et 8u471-perf
Oracle	Java SE	Oracle GraalVM Enterprise Edition version 21.3.16
Oracle	Java SE	Oracle GraalVM pour JDK versions 17.0.17 et 21.0.9

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle Java SE cpujan2026

2026-01-20

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Java SE versions 11.0.29, 17.0.17, 21.0.9 et 25.0.1",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JDK Mission Control version  9.1.1",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Java SE versions 8u471, 8u471-b50 et 8u471-perf",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM Enterprise Edition version 21.3.16",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle GraalVM pour JDK versions 17.0.17 et 21.0.9",
      "product": {
        "name": "Java SE",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-47219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47219"
    },
    {
      "name": "CVE-2026-21933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
    },
    {
      "name": "CVE-2026-21932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
    },
    {
      "name": "CVE-2025-6052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6052"
    },
    {
      "name": "CVE-2026-21925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
    },
    {
      "name": "CVE-2025-7425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
    },
    {
      "name": "CVE-2025-43368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43368"
    },
    {
      "name": "CVE-2025-43356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43356"
    },
    {
      "name": "CVE-2025-43272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43272"
    },
    {
      "name": "CVE-2025-47183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47183"
    },
    {
      "name": "CVE-2025-10911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
    },
    {
      "name": "CVE-2025-6021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
    },
    {
      "name": "CVE-2026-21945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
    },
    {
      "name": "CVE-2025-43342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43342"
    },
    {
      "name": "CVE-2026-21947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21947"
    },
    {
      "name": "CVE-2025-7424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
    },
    {
      "name": "CVE-2025-8732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8732"
    },
    {
      "name": "CVE-2025-12183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
    }
  ],
  "initial_release_date": "2026-01-21T00:00:00",
  "last_revision_date": "2026-01-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0069",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
  "vendor_advisories": [
    {
      "published_at": "2026-01-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpujan2026",
      "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
    }
  ]
}

CERTFR-2025-AVI-0791

Vulnerability from certfr_avis - Published: 2025-09-16 - Updated: 2025-09-16

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Apple indique que la vulnérabilité CVE-2025-43300 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Apple	iPadOS	iPadOS versions antérieures à 26
Apple	watchOS	watchOS versions antérieures à 26
Apple	iOS	iOS versions 16.x antérieures à 16.7.12
Apple	macOS	macOS Sonoma versions antérieures à 14.8
Apple	tvOS	tvOS versions antérieures à 26
Apple	macOS	macOS Sequoia versions antérieures à 15.7
Apple	iOS	iOS versions antérieures à 26
Apple	iOS	iOS versions 15.x antérieures à 15.8.5
Apple	iOS	iOS versions 18.x antérieures à 18.7
Apple	visionOS	visionOS versions antérieures à 26
Apple	Xcode	Xcode versions antérieures à 26
Apple	Safari	Safari versions antérieures à 26
Apple	iPadOS	iPadOS versions 15.x antérieures à 15.8.5
Apple	iPadOS	iPadOS versions 16.x antérieures à 16.7.12
Apple	macOS	macOS Tahoe versions antérieures à 26
Apple	iPadOS	iPadOS versions 18.x antérieures à 18.7

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 125112	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125116	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125110	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125115	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125141	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125117	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125114	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125108	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125111	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125109	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125142	2025-09-15	vendor-advisory
Bulletin de sécurité Apple 125113	2025-09-15	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 26",
      "product": {
        "name": "iPadOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 26",
      "product": {
        "name": "watchOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 16.x ant\u00e9rieures \u00e0 16.7.12",
      "product": {
        "name": "iOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 26",
      "product": {
        "name": "tvOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 26",
      "product": {
        "name": "iOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 15.x ant\u00e9rieures \u00e0 15.8.5",
      "product": {
        "name": "iOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions 18.x ant\u00e9rieures \u00e0 18.7",
      "product": {
        "name": "iOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "visionOS versions ant\u00e9rieures \u00e0 26",
      "product": {
        "name": "visionOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 26",
      "product": {
        "name": "Xcode",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 26",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 15.x ant\u00e9rieures \u00e0 15.8.5",
      "product": {
        "name": "iPadOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 16.x ant\u00e9rieures \u00e0 16.7.12",
      "product": {
        "name": "iPadOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 18.x ant\u00e9rieures \u00e0 18.7",
      "product": {
        "name": "iPadOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-43292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43292"
    },
    {
      "name": "CVE-2025-43372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43372"
    },
    {
      "name": "CVE-2025-43332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43332"
    },
    {
      "name": "CVE-2025-31270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31270"
    },
    {
      "name": "CVE-2025-43362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43362"
    },
    {
      "name": "CVE-2025-43319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43319"
    },
    {
      "name": "CVE-2025-43340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43340"
    },
    {
      "name": "CVE-2025-43327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43327"
    },
    {
      "name": "CVE-2025-30468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30468"
    },
    {
      "name": "CVE-2025-43359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43359"
    },
    {
      "name": "CVE-2025-43262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43262"
    },
    {
      "name": "CVE-2024-27280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
    },
    {
      "name": "CVE-2025-31269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31269"
    },
    {
      "name": "CVE-2025-43354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43354"
    },
    {
      "name": "CVE-2025-43326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43326"
    },
    {
      "name": "CVE-2025-43204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43204"
    },
    {
      "name": "CVE-2025-43273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43273"
    },
    {
      "name": "CVE-2025-43347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43347"
    },
    {
      "name": "CVE-2025-43302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43302"
    },
    {
      "name": "CVE-2025-43321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43321"
    },
    {
      "name": "CVE-2025-31254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31254"
    },
    {
      "name": "CVE-2025-43299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43299"
    },
    {
      "name": "CVE-2025-43316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43316"
    },
    {
      "name": "CVE-2025-43263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43263"
    },
    {
      "name": "CVE-2025-31255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31255"
    },
    {
      "name": "CVE-2025-43375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43375"
    },
    {
      "name": "CVE-2025-6965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
    },
    {
      "name": "CVE-2025-43355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43355"
    },
    {
      "name": "CVE-2025-43207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43207"
    },
    {
      "name": "CVE-2025-43285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43285"
    },
    {
      "name": "CVE-2025-43370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43370"
    },
    {
      "name": "CVE-2025-43312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43312"
    },
    {
      "name": "CVE-2025-43317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43317"
    },
    {
      "name": "CVE-2025-31271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31271"
    },
    {
      "name": "CVE-2025-43208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43208"
    },
    {
      "name": "CVE-2025-43283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43283"
    },
    {
      "name": "CVE-2025-48384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48384"
    },
    {
      "name": "CVE-2025-43277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43277"
    },
    {
      "name": "CVE-2025-43325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43325"
    },
    {
      "name": "CVE-2025-43231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43231"
    },
    {
      "name": "CVE-2025-24197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24197"
    },
    {
      "name": "CVE-2025-43358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43358"
    },
    {
      "name": "CVE-2025-43328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43328"
    },
    {
      "name": "CVE-2025-43368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43368"
    },
    {
      "name": "CVE-2025-43315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43315"
    },
    {
      "name": "CVE-2025-43331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43331"
    },
    {
      "name": "CVE-2025-43310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43310"
    },
    {
      "name": "CVE-2025-43333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43333"
    },
    {
      "name": "CVE-2025-43203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43203"
    },
    {
      "name": "CVE-2025-43307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43307"
    },
    {
      "name": "CVE-2025-43297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43297"
    },
    {
      "name": "CVE-2025-43190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43190"
    },
    {
      "name": "CVE-2025-24088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24088"
    },
    {
      "name": "CVE-2025-43293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43293"
    },
    {
      "name": "CVE-2025-43343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43343"
    },
    {
      "name": "CVE-2025-43294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43294"
    },
    {
      "name": "CVE-2025-43286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43286"
    },
    {
      "name": "CVE-2025-43353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43353"
    },
    {
      "name": "CVE-2025-43356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43356"
    },
    {
      "name": "CVE-2025-43330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43330"
    },
    {
      "name": "CVE-2025-43272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43272"
    },
    {
      "name": "CVE-2025-31259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31259"
    },
    {
      "name": "CVE-2025-31268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31268"
    },
    {
      "name": "CVE-2025-43366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43366"
    },
    {
      "name": "CVE-2025-43298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43298"
    },
    {
      "name": "CVE-2025-43369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43369"
    },
    {
      "name": "CVE-2025-43308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43308"
    },
    {
      "name": "CVE-2025-43346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43346"
    },
    {
      "name": "CVE-2025-40909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40909"
    },
    {
      "name": "CVE-2025-43337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43337"
    },
    {
      "name": "CVE-2025-24133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24133"
    },
    {
      "name": "CVE-2025-43279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43279"
    },
    {
      "name": "CVE-2025-43314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43314"
    },
    {
      "name": "CVE-2025-43300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43300"
    },
    {
      "name": "CVE-2025-43342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43342"
    },
    {
      "name": "CVE-2025-43349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43349"
    },
    {
      "name": "CVE-2025-43341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43341"
    },
    {
      "name": "CVE-2025-43301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43301"
    },
    {
      "name": "CVE-2025-43318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43318"
    },
    {
      "name": "CVE-2025-43344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43344"
    },
    {
      "name": "CVE-2025-43311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43311"
    },
    {
      "name": "CVE-2025-43287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43287"
    },
    {
      "name": "CVE-2025-43303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43303"
    },
    {
      "name": "CVE-2025-43304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43304"
    },
    {
      "name": "CVE-2025-43291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43291"
    },
    {
      "name": "CVE-2025-43329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43329"
    },
    {
      "name": "CVE-2025-43357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43357"
    },
    {
      "name": "CVE-2025-43367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43367"
    },
    {
      "name": "CVE-2025-43371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43371"
    },
    {
      "name": "CVE-2025-43295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43295"
    },
    {
      "name": "CVE-2025-43305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-43305"
    }
  ],
  "initial_release_date": "2025-09-16T00:00:00",
  "last_revision_date": "2025-09-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0791",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2025-43300 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125112",
      "url": "https://support.apple.com/en-us/125112"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125116",
      "url": "https://support.apple.com/en-us/125116"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125110",
      "url": "https://support.apple.com/en-us/125110"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125115",
      "url": "https://support.apple.com/en-us/125115"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125141",
      "url": "https://support.apple.com/en-us/125141"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125117",
      "url": "https://support.apple.com/en-us/125117"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125114",
      "url": "https://support.apple.com/en-us/125114"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125108",
      "url": "https://support.apple.com/en-us/125108"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125111",
      "url": "https://support.apple.com/en-us/125111"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125109",
      "url": "https://support.apple.com/en-us/125109"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125142",
      "url": "https://support.apple.com/en-us/125142"
    },
    {
      "published_at": "2025-09-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 125113",
      "url": "https://support.apple.com/en-us/125113"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-43356 (GCVE-0-2025-43356)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Solutions

Solutions

Tags

Sightings

Nomenclature