8

CVE-2025-24223

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 18.5
AppleiPadOS Version < 18.5
AppleiPhone OS Version < 18.5
ApplemacOS Version < 15.5
AppletvOS Version < 18.5
ApplevisionOS Version < 2.5
ApplewatchOS Version < 11.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.218
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8 2.1 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

https://support.apple.com/en-us/122716
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122720
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122404
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122721
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122722
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122719
Vendor Advisory
Release Notes
http://seclists.org/fulldisclosure/2025/May/7
https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html
http://seclists.org/fulldisclosure/2025/May/10
http://seclists.org/fulldisclosure/2025/May/12
http://seclists.org/fulldisclosure/2025/May/13
http://seclists.org/fulldisclosure/2025/May/5