CVE-2025-43200


Basic Information

CVE State: PUBLISHED
Reserved Date: April 16, 2025
Published Date: June 16, 2025
Last Updated: June 18, 2025
Vendor: Apple
Product: iOS and iPadOS, macOS, iPadOS, watchOS, visionOS
Description: This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Tags: macos, ios, cisa

CVSS Scores

CVSS v3.1

4.8 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS Score

Score: 0.58% (Percentile: 67.79%) as of 2025-06-20

SSVC Information

Exploitation: none
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (2025-06-16 22:40:25 UTC)

Known Exploited Vulnerability Information

Source: CVE
Added Date: 2025-06-16 22:40:18 UTC

Recent Mentions

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Source: TheHackerNews • Published: 2025-06-13 07:03:00 UTC

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1,

New Zero-Click iMessage Exploit Infected iPhones with Paragon Spyware

Source: CyberInsider • Published: 2025-06-12 16:51:06 UTC

Citizen Lab has uncovered a previously undisclosed iMessage zero-click vulnerability used to deploy Paragon's Graphite spyware against at least two European journalists. The flaw, now tracked as CVE-2025-43200, represents a new zero-day vulnerability and is the latest example of how mercenary spyware operators are exploiting iOS through silent or poorly disclosed attack chains. The forensic …

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel