CVE-2025-24216

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122371	Vendor Advisory
https://support.apple.com/en-us/122372	Vendor Advisory
https://support.apple.com/en-us/122373	Vendor Advisory
https://support.apple.com/en-us/122377	Vendor Advisory
https://support.apple.com/en-us/122378	Vendor Advisory
https://support.apple.com/en-us/122379	Vendor Advisory
http://seclists.org/fulldisclosure/2025/Apr/11
http://seclists.org/fulldisclosure/2025/Apr/12
http://seclists.org/fulldisclosure/2025/Apr/13
http://seclists.org/fulldisclosure/2025/Apr/2
http://seclists.org/fulldisclosure/2025/Apr/4
http://seclists.org/fulldisclosure/2025/Apr/5
http://seclists.org/fulldisclosure/2025/Apr/8
https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::

History

03 Nov 2025, 21:19

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2025/Apr/11 - () http://seclists.org/fulldisclosure/2025/Apr/12 - () http://seclists.org/fulldisclosure/2025/Apr/2 - () http://seclists.org/fulldisclosure/2025/Apr/4 - () http://seclists.org/fulldisclosure/2025/Apr/5 - () http://seclists.org/fulldisclosure/2025/Apr/8 -

03 Nov 2025, 20:17

Type	Values Removed	Values Added
First Time		Apple visionos Apple safari Apple Apple macos Apple iphone Os Apple ipados Apple tvos
References		() http://seclists.org/fulldisclosure/2025/Apr/13 - () https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html -
References	~~() https://support.apple.com/en-us/122371 -~~	() https://support.apple.com/en-us/122371 - Vendor Advisory
References	~~() https://support.apple.com/en-us/122372 -~~	() https://support.apple.com/en-us/122372 - Vendor Advisory
References	~~() https://support.apple.com/en-us/122373 -~~	() https://support.apple.com/en-us/122373 - Vendor Advisory
References	~~() https://support.apple.com/en-us/122377 -~~	() https://support.apple.com/en-us/122377 - Vendor Advisory
References	~~() https://support.apple.com/en-us/122378 -~~	() https://support.apple.com/en-us/122378 - Vendor Advisory
References	~~() https://support.apple.com/en-us/122379 -~~	() https://support.apple.com/en-us/122379 - Vendor Advisory
CPE		cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:a:apple:safari:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:tvos::::::::

03 Apr 2025, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
Summary		(es) El problema se solucionó mejorando la gestión de la memoria. Este problema está corregido en visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 y iPadOS 18.4, macOS Sequoia 15.4 y Safari 18.4. El procesamiento de contenido web malintencionado puede provocar un bloqueo inesperado de Safari.
CWE		CWE-508 CWE-119

31 Mar 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-31 23:15

Updated : 2025-11-03 21:19

NVD link : CVE-2025-24216

Mitre link : CVE-2025-24216

CVE.ORG link : CVE-2025-24216

JSON object : View

Products Affected

apple

tvos
ipados
safari
macos
iphone_os
visionos

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-508

Non-Replicating Malicious Code

4.3 /10