PT-2025-51892 · Apple+7 · iPadOS+12

Hossein Lotfi +1 · Published 2025-12-12 · Updated 2026-01-20 · CVE-2025-43501

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Apple Safari versions prior to 26.2
iOS versions prior to 18.7.3
iPadOS versions prior to 18.7.3
macOS Tahoe versions prior to 26.2
visionOS versions prior to 26.2
WebKitGTK (affected versions not specified)
webkit2gtk in Debian Linux (affected versions not specified)
webkit2gtk3 in SberLinux (affected versions not specified)
wpewebkit in Debian Linux (affected versions not specified)

Description

This issue is a buffer overflow in Apple Safari's JavaScriptCore and WebKitGTK, stemming from improper memory handling when processing maliciously crafted web content. This can lead to an unexpected process crash. The issue was addressed by improving memory handling. There is no mention of the number of potentially affected devices or any real-world incidents where this issue was exploited.

Recommendations

Update Apple Safari to version 26.2 or later.
Update iOS to version 18.7.3 or later.
Update iPadOS to version 18.7.3 or later.
Update macOS Tahoe to version 26.2 or later.
Update visionOS to version 26.2 or later.
At the moment, there is no information about a newer version that contains a fix for this vulnerability for WebKitGTK, webkit2gtk in Debian Linux, webkit2gtk3 in SberLinux, and wpewebkit in Debian Linux.

Fix

RCE

DoS

Memory Corruption

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025:23663
ALSA-2025:23700
BDU:2026-03310
CVE-2025-43501
DLA-4414-1
DSA-6083-1
MGASA-2025-0331
OPENSUSE-SU-2026:20065-1
RHSA-2025:23975
SUSE-SU-2025:4527-1
SUSE-SU-2025:4528-1
SUSE-SU-2026:0021-1
SUSE-SU-2026:20102-1
USN-7957-1
ZDI-25-1126

Affected Products

AlmaLinux
CentOS
Debian
Linux Mint
Apple macOS
Red Hat
Rocky Linux
Safari
Ubuntu
iOS
iPadOS
macOS Tahoe
visionOS