6.5

CVE-2025-24162

This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 18.3
AppleiPadOS Version < 18.3
AppleiPhone OS Version < 18.3
ApplemacOS Version < 15.3
AppletvOS Version < 18.3
ApplevisionOS Version < 2.3
ApplewatchOS Version < 11.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.85% 0.824
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://support.apple.com/en-us/122066
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122068
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122071
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122072
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122073
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122074
Vendor Advisory
Release Notes