CVE-2025-43265: 
Apple Safari vulnerability analysis and mitigation

CVE-2025-43265 is an out-of-bounds read vulnerability discovered in Apple's WebKit component, affecting multiple Apple operating systems and Safari browser. The vulnerability was disclosed on July 29, 2025, and was discovered by HexRabbit (@h3xr4bb1t) from DEVCORE Research Team. The affected systems include Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, and tvOS 18.6 (Apple iOS, Apple Safari).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) in WebKit, Apple's browser engine. The vulnerability occurs when processing maliciously crafted web content, which may lead to the disclosure of internal states of the app. The issue was addressed with improved input validation. The CVSS v3.1 base score is 4.0 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (NVD).

When exploited, the vulnerability allows processing maliciously crafted web content to disclose internal states of the application. This could potentially lead to information disclosure and privacy breaches for users of affected Apple devices (Apple Safari).

Apple has addressed this vulnerability by implementing improved input validation in the affected systems. Users are advised to update to the following versions: Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, and tvOS 18.6 (Apple iOS).