CVE-2025-43494 - Vulnerability Details

A mail header parsing issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. An attacker may be able to cause a persistent denial-of-service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00028.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Apple	Ios Ipad Os Macos Macos Sequoia Macos Sonoma Macos Tahoe Visionos Watchos

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Apple	Ios Ipad Os Macos Macos Sequoia Macos Sonoma Macos Tahoe Visionos Watchos

References

Link	Providers
https://support.apple.com/en-us/125632
https://support.apple.com/en-us/125633
https://support.apple.com/en-us/125634
https://support.apple.com/en-us/125635
https://support.apple.com/en-us/125636
https://support.apple.com/en-us/125638
https://support.apple.com/en-us/125639

History

Mon, 15 Dec 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 14 Dec 2025 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ios Apple ipad Os Apple macos Apple macos Sequoia Apple macos Sonoma Apple macos Tahoe Apple visionos Apple watchos
Vendors & Products		Apple Apple ios Apple ipad Os Apple macos Apple macos Sequoia Apple macos Sonoma Apple macos Tahoe Apple visionos Apple watchos

Fri, 12 Dec 2025 21:15:00 +0000

Type	Values Removed	Values Added
Description		A mail header parsing issue was addressed with improved checks. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, macOS Sonoma 14.8.2, macOS Sequoia 15.7.2, iOS 26.1 and iPadOS 26.1. An attacker may be able to cause a persistent denial-of-service.
References		https://support.apple.com/en-us/125632 https://support.apple.com/en-us/125633 https://support.apple.com/en-us/125634 https://support.apple.com/en-us/125635 https://support.apple.com/en-us/125636 https://support.apple.com/en-us/125638 https://support.apple.com/en-us/125639

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-12-12T20:56:47.563Z

Updated: 2025-12-15T14:51:07.150Z

Reserved: 2025-04-16T15:27:21.191Z

Link: CVE-2025-43494

Vulnrichment

Updated: 2025-12-15T14:50:56.126Z

NVD

Status : Awaiting Analysis

Published: 2025-12-12T21:15:55.390

Modified: 2025-12-15T18:22:40.637

Link: CVE-2025-43494

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-12-14T21:15:54Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object