CVE-2025-43534

MEDIUM EPSS 11.0%

Published Mar 25, 20263mo ago · Modified Jun 17, 20261w ago

6.8 CVSS 3.1

Medium

Published Mar 25, 2026 3mo ago

Last Modified Jun 17, 2026 1w ago

Description

A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.

CVSS Details

Base Score

6.8

Exploitability

0.9

Impact

5.9

Vector string

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Physical

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

11.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-284

Affected Products 4

Vendor	Product	Version	Range
apple	ipados	*	<18.7.7
apple	ipados	*	≥26.0 – <26.2
apple	iphone_os	*	<18.7.7
apple	iphone_os	*	≥26.0 – <26.2

References 2

support.apple.com https://support.apple.com/en-us/125884

Release NotesVendor Advisory
support.apple.com https://support.apple.com/en-us/126793

Release NotesVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.