PT-2025-51037 · Apple+7 · Tvos+14

Published: 2025-12-12 · Updated: 2026-04-24 · CVE-2025-43529

CVSS v2.0: 10 (High), AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: WebKitGTK versions 2.50.4-0ubuntu0.25.04.1, Apple iOS, iPadOS, macOS, Safari, tvOS, and visionOS versions prior to 26.2.
Description: This vulnerability is a use-after-free issue in WebKit, potentially leading to arbitrary code execution. The vulnerability has been actively exploited in the wild and is considered a high-severity issue. It affects multiple Apple operating systems and products that utilize WebKit. Exploitation involves processing maliciously crafted web content, which can lead to memory corruption and potentially allow attackers to gain control of the affected system. The vulnerability has been exploited in sophisticated attacks targeting specific individuals.
Recommendations: Update WebKitGTK to version 2.50.4-0ubuntu0.25.04.1. Update Apple iOS, iPadOS, macOS, Safari, tvOS, and visionOS to version 26.2 or later.

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:23663
ALSA-2025:23700
BDU:2026-00005
CVE-2025-43529
DLA-4414-1
DSA-6083-1
OPENSUSE-SU-2026:20065-1
SUSE-SU-2025:4527-1
SUSE-SU-2025:4528-1
SUSE-SU-2026:0021-1
SUSE-SU-2026:20102-1
USN-7957-1

Affected Products

AlmaLinux
CentOS
Debian
Linux Mint
Apple macOS
Red Hat
Rocky Linux
Safari
Ubuntu
WebKit
iOS
iPadOS
tvOS
visionOS
watchOS