🛡️ CVE-2025-24201
🔴 CVSS 10.0 — Critical ✅ No Known Exploit CWE-787 NVD
10.0
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).

Details

Severity CRITICAL
CVSS Score 10.0
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE CWE-787
Public Exploit ✅ No
Source NVD
Published 2025-03-11
Updated 2026-06-02
Modified 2026-04-03
Fix URL N/A

Affected Packages

Software From version Fixed in
debian-linux
ipados 18.0 18.3.2
iphone-os 17.0 18.3.2
macos 15.0 15.3.2
safari 18.3.1
visionos 2.3.2
watchos 11.4

References

Release Notes, Vendor Advisory https://support.apple.com/en-us/122281
Release Notes, Vendor Advisory https://support.apple.com/en-us/122283
Release Notes, Vendor Advisory https://support.apple.com/en-us/122284
Release Notes, Vendor Advisory https://support.apple.com/en-us/122285
Release Notes, Vendor Advisory https://support.apple.com/en-us/122345
Release Notes, Vendor Advisory https://support.apple.com/en-us/122346
Release Notes, Vendor Advisory https://support.apple.com/en-us/122372
Release Notes, Vendor Advisory https://support.apple.com/en-us/122376
Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2025/Apr/16
Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2025/Apr/7
Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2025/Jun/19
Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2025/Mar/2
Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2025/Mar/3
Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2025/Mar/4
Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2025/Mar/5
Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2025/Oct/1
Mailing List, Third Party Advisory http://seclists.org/fulldisclosure/2025/Oct/31

Similar Threats

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.