PT-2025-44867 · Apple+7 · iPadOS+13

Hossein Lotfi +1 · Published 2025-11-03 · Updated 2026-01-20 · CVE-2025-43432

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Apple Safari versions prior to 26.1
visionOS versions prior to 26.1
watchOS versions prior to 26.1
iOS versions prior to 26.1
iPadOS versions prior to 26.1
tvOS versions prior to 26.1

Description

A use-after-free issue exists due to improper memory management when processing maliciously crafted web content. This can lead to an unexpected process crash. The issue relates to the WasmFunctionParser and its handling of function signatures.

Recommendations

Update Apple Safari to version 26.1.
Update visionOS to version 26.1.
Update watchOS to version 26.1.
Update iOS to version 26.1.
Update iPadOS to version 26.1.
Update tvOS to version 26.1.

Fix

RCE

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:22789
ALSA-2025:22790
BDU:2026-03301
CVE-2025-43432
DLA-4394-1
DSA-6070-1
MGASA-2025-0319
OPENSUSE-SU-2026:20065-1
SUSE-SU-2025:4416-1
SUSE-SU-2025:4423-1
SUSE-SU-2026:0021-1
SUSE-SU-2026:20102-1
USN-7914-1
ZDI-25-1011

Affected Products

AlmaLinux
CentOS
Debian
Linux Mint
Apple macOS
Red Hat
Rocky Linux
Safari
Ubuntu
iOS
iPadOS
tvOS
visionOS
watchOS