CVE-2025-43531
LOWDescription
A race condition was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apple | safari |
| apple | ipados |
| apple | iphone_os |
| apple | iphone_os |
| apple | macos |
| apple | tvos |
| apple | visionos |
| apple | watchos |
References
Frequently Asked Questions
What is CVE-2025-43531? +
How severe is CVE-2025-43531? +
What products are affected by CVE-2025-43531? +
How do I check if I'm vulnerable to CVE-2025-43531? +
Related Vulnerabilities
OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers …
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an …
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue …
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a …
go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if …
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar …