CVE-2025-43368
Published: September 24, 2025Last modified: January 22, 2026
Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.3 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | LOW |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Liberica JDK | 8 | jdk-full | Fixed (8u482+10) |
| jre-full | Fixed (8u482+10) | ||
| 11 | jdk-full | Fixed (11.0.30+9) | |
| jre-full | Fixed (11.0.30+9) | ||
| 17 | jdk-full | Fixed (17.0.18+10) | |
| jre-full | Fixed (17.0.18+10) | ||
| 21 | jdk-full | Fixed (21.0.10+10) | |
| jre-full | Fixed (21.0.10+10) | ||
| 25 | jdk-full | Fixed (25.0.2+12) | |
| jre-full | Fixed (25.0.2+12) |
References
- http://seclists.org/fulldisclosure/2025/Sep/49
- http://seclists.org/fulldisclosure/2025/Sep/53
- http://seclists.org/fulldisclosure/2025/Sep/59
- http://www.openwall.com/lists/oss-security/2025/09/22/3
- https://support.apple.com/en-us/125108
- https://support.apple.com/en-us/125110
- https://support.apple.com/en-us/125113