CVE-2025-24201

EUVD-2025-6302

11.03.2025, 18:15

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
apple	safari	𝑥 < 18.3.1
apple	macos	15.0 ≤ 𝑥 < 15.3.2
apple	visionos	𝑥 < 2.3.2
apple	watchos	𝑥 < 11.4
apple	ipados	15.8 ≤ 𝑥 < 15.8.4
apple	ipados	16.7 ≤ 𝑥 < 16.7.11
apple	ipados	17.0 ≤ 𝑥 < 17.7.6
apple	ipados	18.0 ≤ 𝑥 < 18.3.2
apple	iphone_os	15.8 ≤ 𝑥 < 15.8.4
apple	iphone_os	16.7 ≤ 𝑥 < 16.7.11
apple	iphone_os	17.0 ≤ 𝑥 < 18.3.2
debian	debian_linux	11.0