High severity8.1NVD Advisory· Published Mar 31, 2025· Updated Apr 2, 2026
CVE-2025-24180
CVE-2025-24180
Description
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <18.4
- (no CPE)range: <18.4
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: >=15.0,<15.4
- (no CPE)range: <15.4
- Range: <18.4
Patches
Vulnerability mechanics
References
10- support.apple.com/en-us/122371nvdVendor Advisory
- support.apple.com/en-us/122373nvdVendor Advisory
- support.apple.com/en-us/122378nvdVendor Advisory
- support.apple.com/en-us/122379nvdVendor Advisory
- seclists.org/fulldisclosure/2025/Apr/12nvd
- seclists.org/fulldisclosure/2025/Apr/13nvd
- seclists.org/fulldisclosure/2025/Apr/2nvd
- seclists.org/fulldisclosure/2025/Apr/4nvd
- seclists.org/fulldisclosure/2025/Apr/8nvd
- support.apple.com/en-us/122376nvd
News mentions
0No linked articles in our index yet.