{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-43280","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2025-04-16T15:24:37.101Z","datePublished":"2025-10-15T20:00:47.792Z","dateUpdated":"2026-04-02T18:09:56.959Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"Forwarding an email could display remote images in Mail in Lockdown Mode"}]}],"affected":[{"vendor":"Apple","product":"iOS and iPadOS","versions":[{"version":"0","status":"affected","lessThan":"18.6","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode."}],"references":[{"url":"https://support.apple.com/en-us/124147"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2026-04-02T18:09:56.959Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-940","lang":"en","description":"CWE-940 Improper Verification of Source of a Communication Channel"}]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":4.7,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-10-16T13:44:46.545743Z","id":"CVE-2025-43280","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-16T20:28:21.379Z"}}]}}