1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Apple Multiple Products Unspecified Vulnerability

Known Exploited Vulnerabilities CVE-2025-43200

Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2025-43200 Apple Multiple Products Unspecified Vulnerability exploitation_technique T1203 Exploitation for Client Execution
Comments
A zero-click attack leveraging this vulnerability involves sending a maliciously crafted photo or video in an iCloud link via the Messages app. Reports indicate that the targeted devices are then compromised with Paragon's Graphite spyware.
References
  1. https://support.apple.com/en-us/124925
  2. https://securityaffairs.com/181394/security/apple-addressed-the-seventh-actively-exploited-zero-day.html
  3. https://www.helpnetsecurity.com/2025/06/13/ios-zero-click-attacks-used-to-deliver-graphite-spyware-cve-2025-43200/
  4. https://thehackernews.com/2025/06/apple-zero-click-flaw-in-messages.html
CVE-2025-43200 Apple Multiple Products Unspecified Vulnerability secondary_impact T1005 Data from Local System
Comments
A zero-click attack leveraging this vulnerability involves sending a maliciously crafted photo or video in an iCloud link via the Messages app. Reports indicate that the targeted devices are then compromised with Paragon's Graphite spyware.
References
  1. https://support.apple.com/en-us/124925
  2. https://securityaffairs.com/181394/security/apple-addressed-the-seventh-actively-exploited-zero-day.html
  3. https://www.helpnetsecurity.com/2025/06/13/ios-zero-click-attacks-used-to-deliver-graphite-spyware-cve-2025-43200/
  4. https://thehackernews.com/2025/06/apple-zero-click-flaw-in-messages.html
CVE-2025-43200 Apple Multiple Products Unspecified Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
A zero-click attack leveraging this vulnerability involves sending a maliciously crafted photo or video in an iCloud link via the Messages app. Reports indicate that the targeted devices are then compromised with Paragon's Graphite spyware.
References
  1. https://support.apple.com/en-us/124925
  2. https://securityaffairs.com/181394/security/apple-addressed-the-seventh-actively-exploited-zero-day.html
  3. https://www.helpnetsecurity.com/2025/06/13/ios-zero-click-attacks-used-to-deliver-graphite-spyware-cve-2025-43200/
  4. https://thehackernews.com/2025/06/apple-zero-click-flaw-in-messages.html