CVE-2025-24201 — CRITICAL (10.0)

Q: How severe is CVE-2025-24201?

CVE-2025-24201 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-24201?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Apple Macos, Apple Visionos, Apple Watchos, Apple Ipados.

Vulnerability Description

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apple	Safari	< 18.3.1
Apple	Macos	>= 15.0, < 15.3.2
Apple	Visionos	< 2.3.2
Apple	Watchos	< 11.4
Apple	Ipados	>= 15.8, < 15.8.4
Apple	Iphone Os	>= 15.8, < 15.8.4
Debian	Debian Linux	11.0

Related Weaknesses (CWE)

CWE-787

References

https://support.apple.com/en-us/122281Release NotesVendor Advisory
https://support.apple.com/en-us/122283Release NotesVendor Advisory
https://support.apple.com/en-us/122284Release NotesVendor Advisory
https://support.apple.com/en-us/122285Release NotesVendor Advisory
https://support.apple.com/en-us/122345Release NotesVendor Advisory
https://support.apple.com/en-us/122346Release NotesVendor Advisory
https://support.apple.com/en-us/122372Release NotesVendor Advisory
https://support.apple.com/en-us/122376Release NotesVendor Advisory
http://seclists.org/fulldisclosure/2025/Apr/16Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Apr/7Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Jun/19Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Mar/2Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Mar/3Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Mar/4Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Mar/5Mailing ListThird Party Advisory

FAQ

What is CVE-2025-24201?

CVE-2025-24201 is a vulnerability with a CVSS score of 10.0 (CRITICAL). An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS...

How severe is CVE-2025-24201?

CVE-2025-24201 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-24201?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Apple Macos, Apple Visionos, Apple Watchos, Apple Ipados.