CVE-2025-43229

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-43229
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://support.apple.com/en-us/124149 Release Notes Vendor Advisory
https://support.apple.com/en-us/124152 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
History

01 Aug 2025, 14:35

Type Values Removed Values Added
References () https://support.apple.com/en-us/124149 - () https://support.apple.com/en-us/124149 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/124152 - () https://support.apple.com/en-us/124152 - Release Notes, Vendor Advisory
First Time Apple
Apple macos
Apple safari
CPE cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

31 Jul 2025, 18:15

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1
Summary (es) Este problema se solucionó mejorando la gestión de estados. Este problema se solucionó en macOS Sequoia 15.6. El procesamiento de contenido web manipulado con fines malintencionados puede provocar ataques de cross-site scripting. (es) Este problema se solucionó mejorando la gestión de estado. Este problema se solucionó en macOS Sequoia 15.6. El procesamiento de contenido web manipulado con fines malintencionados puede provocar ataques de cross-site scripting.

30 Jul 2025, 23:15

Type Values Removed Values Added
References
  • () https://support.apple.com/en-us/124152 -
Summary
  • (es) Este problema se solucionó mejorando la gestión de estados. Este problema se solucionó en macOS Sequoia 15.6. El procesamiento de contenido web manipulado con fines malintencionados puede provocar ataques de cross-site scripting.
Summary (en) This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.6. Processing maliciously crafted web content may lead to universal cross site scripting. (en) This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. Processing maliciously crafted web content may lead to universal cross site scripting.

30 Jul 2025, 00:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-30 00:15

Updated : 2025-08-01 14:35

NVD link : CVE-2025-43229

Mitre link : CVE-2025-43229

CVE.ORG link : CVE-2025-43229

JSON object : View

Products Affected

apple

  • macos
  • safari
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')