CVE-2025-43529

Name of the Vulnerable Software and Affected Versions WebKitGTK versions 2.50.4-0ubuntu0.25.04.1 Apple iOS, iPadOS, macOS, Safari, watchOS, and visionOS versions prior to updates addressing CVE-2025-43529 PS5 version 11.00 and earlier

Description The WebKitGTK Web and JavaScript engines, as well as Apple’s WebKit framework used in Safari and other applications, contain vulnerabilities. A use-after-free issue has been identified, allowing a remote attacker to potentially execute arbitrary code, trigger crashes, or bypass security restrictions. This vulnerability is actively exploited in the wild and has been assigned the identifier CVE-2025-43529. The root cause is a flaw in the JSC DFG JIT compiler, specifically related to memory management during escape analysis. Exploitation involves converting the use-after-free condition into a type confusion, structure mismatch, or arbitrary read/write primitive. The vulnerability affects multiple Apple platforms, including iOS, iPadOS, macOS, watchOS, visionOS, and tvOS. It has been confirmed on PS5 systems.

Recommendations Update WebKitGTK to version 2.50.4-0ubuntu0.25.04.1. Update Apple iOS, iPadOS, macOS, watchOS, visionOS, and tvOS to the latest available versions. For PS5 users, ensure the system is updated to the latest available firmware.