CVE-2025-43200 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-06-16

Added to CISA KEV: 2025-06-16 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
Immediately update all Apple devices to patched versions (iOS 18.3.1, macOS 15.3.1, etc.)
Monitor for suspicious iCloud Link sharing activities
High patch priority due to CISA KEV status and active exploitation

🔍 Web Intelligence (Kagi · 2025-09-06)

Here's what is known about the CVE-2025-43200 vulnerability:

Affected Applications/Services:

* CVE-2025-43200 affects Apple products, specifically iOS, iPadOS, macOS, watchOS, and visionOS ^[1]. * The vulnerability is related to processing a maliciously crafted photo or video shared via an iCloud Link ^[2]^[1]. * It involves a logic issue that occurs when handling content shared through iCloud Links ^[3]^[4].

Active Exploitation:

* Apple is aware of reports indicating that this vulnerability has been exploited in sophisticated attacks against specific, targeted individuals ^[2]^[5]. * It was actively exploited in the wild to target civil society members ^[6].

Attack Vectors and Exploitation Methods:

* The vulnerability is a zero-click flaw, meaning attackers can compromise devices without any user interaction ^[7]. * The attack vector involves a maliciously crafted photo or video shared via an iCloud Link ^[2]^[1]. * The vulnerability lies in a logic issue within the Messages app related to how iCloud Links handle shared media ^[8].

Targeted Attacks:

* CVE-2025-43200 has been used in targeted attacks to deploy spyware, such as Paragon's Graphite, onto the devices of journalists and civil society members ^[6]^[4]. * Apple began sending threat notifications to targeted individuals on April 29, 2025 ^[9].

CISA KEV Status:

* CISA has added CVE-2025-43200 to its Known Exploited Vulnerabilities (KEV) Catalog, indicating that it poses a significant risk and is actively being exploited ^[10]^[11]. * Federal Civilian Executive Branch (FCEB) agencies are advised to use the KEV catalog to prioritize their vulnerability management efforts ^[12]^[13].

Technical Details/Internet Exploitability:

* The vulnerability is triggered when processing a maliciously crafted photo or video shared via iCloud Link ^[2]^[1]. * It is described as a logic issue ^[2]^[5]. * The attack vector bypasses traditional user awareness and security measures due to its zero-click nature ^[3]. * Successful exploitation allows attackers to compromise devices remotely without any user interaction ^[7].

Sources

Known Exploited Vulnerabilities Catalog | CISA
CVE-2025-43200. Apple Multiple Products Unspecified Vulnerability: Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.
CVE-2025-43200 Detail - NVD
A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link.
CISA Warns of iOS 0-Click Vulnerability Exploited in the Wild
CVE-2025-43200 specifically targets Apple’s media processing functionality when handling content shared through iCloud Links, creating an attack vector that bypasses traditional user awareness and security measures. CISA added this vulnerability to the KEV catalog on June 16, 2025...
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025 ...
CVE-2025-43200 is a logic issue triggered when the Apple smartphone processed a maliciously crafted photo or video shared via an iCloud Link.
CVE-2025-43200 - Tenable
Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

🟢 CVE-2025-43200

📋 Vulnerability Details

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-06)

Sources