CVE-2025-43356
📊 6.5 MEDIUM⚡ 0.0%🎯 0 exploits
📅 Published Sep 15, 2025
📋 Status: Analyzed
The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A website may be able to access sensor information without user consent.
CVSS v3.1 • 134c704f-9b21-4f2e-91b3-4a467353bcc0
🎯 Affected Products & Systems
7 product configurations affected
Filter by type:
| Type | Vendor | Product | Version Range | Status | CPE String |
|---|---|---|---|---|---|
📱App | apple | safari | < 26.0 | Vulnerable | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* |
💻OS | apple | ipados | < 18.7 | Vulnerable | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
💻OS | apple | iphone os | < 18.7 | Vulnerable | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
💻OS | apple | macos | < 26.0 | Vulnerable | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
💻OS | apple | tvos | < 26.0 | Vulnerable | cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
💻OS | apple | visionos | < 26.0 | Vulnerable | cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* |
💻OS | apple | watchos | < 26.0 | Vulnerable | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
Version: < 18.7
CPE:
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Version: < 26.0
CPE:
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
7 products•scroll for more
Metrics
6.5 MEDIUMCVSS v3.1134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector:
NETWORK
Complexity:
LOW
Privileges:
NONE
User Interaction:
REQUIRED
Confidentiality:
HIGH
Integrity:
NONE
Availability:
NONE
Scope:
UNCHANGED
🔍 Technical Details
Analysis Status
AnalyzedCVSS Details
6.5 (MEDIUM)v3.1
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
EPSS Details
0.0% (Minimal)13.3th percentile
Last updated: Oct 30, 2025
Exploitation probability within 30 days
Published Date
Sep 15, 2025 (1 month ago)
Last Modified
Sep 17, 2025 (1 month ago)
Security Weaknesses1
CWE-200
References8
NVDgeneralgeneral+5