CISA has added CVE‑2025‑43520 to its Known Exploited Vulnerabilities (KEV) catalogue. The entry concerns a classic buffer‑overflow flaw in Apple watchOS, iOS, iPadOS, macOS, visionOS and tvOS, described as the “Apple Multiple Products Classic Buffer Overflow Vulnerability”.
The vulnerability is a classic buffer overflow that can be triggered by a malicious application running on the affected operating systems. Successful exploitation may cause unexpected system termination or allow the application to write to kernel memory, potentially leading to privilege escalation. The National Vulnerability Database rates the flaw with a CVSS v3.1 base score of 5.5 (Medium). Apple has released patches for all listed products, with advisory details available on its support site.
Inclusion in the KEV catalogue means CISA has confirmed active exploitation in the wild. At present there is no publicly known ransomware campaign that leverages this bug, but the existence of functional exploits makes it a priority for mitigation. CISA has set a remediation deadline of 3 April 2026 for affected Federal Civilian Executive Branch (FCEB) agencies.
CISA’s required remediation language is to “apply mitigations per vendor instructions, follow applicable BOD 22‑01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” Agencies must therefore install Apple’s released patches, apply any additional mitigations Apple recommends, and consider decommissioning any devices that cannot be remediated.
Organisations outside the federal sector should review their inventory for the listed Apple products, verify patch status and apply the same mitigations to reduce exposure.
For full technical details, see the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-43520 and the CISA KEV catalogue entry linked in the advisory.