CVE-2025-43520 — Apple Multiple Products Classic Buffer Overflow Vulnerability
2026-03-20 • CISA Known Exploited Vulnerability
[event] Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Apple |
| Product | Multiple Products |
| CWE | CWE-120 |
| CVE ID | CVE-2025-43520 |
| Date Added | 2026-03-20 |
| Due Date | 2026-04-03 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due Date: 2026-04-03
> REFERENCES
- [1] https://support.apple.com/en-us/125632
- [2] https://support.apple.com/en-us/125633
- [3] https://support.apple.com/en-us/125634
- [4] https://support.apple.com/en-us/125635
- [5] https://support.apple.com/en-us/125636
- [6] https://support.apple.com/en-us/125637
- [7] https://support.apple.com/en-us/125638
- [8] https://support.apple.com/en-us/125639
- [9] https://nvd.nist.gov/vuln/detail/CVE-2025-43520