Critical severity10.0CISA KEVNVD Advisory· Published Mar 11, 2025· Updated Apr 3, 2026

CVE-2025-24201

Description

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).

Affected products

Apple Inc./Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Range: <18.3.1
Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: >=15.8,<15.8.4
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: >=15.8,<15.8.4
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: >=15.0,<15.3.2
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <2.3.2
Apple Inc./watchOS
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Range: <11.4
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2025/Apr/16nvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2025/Apr/7nvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2025/Jun/19nvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2025/Mar/2nvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2025/Mar/3nvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2025/Mar/4nvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2025/Mar/5nvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2025/Oct/1nvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2025/Oct/31nvdMailing ListThird Party Advisory
support.apple.com/en-us/122281nvdRelease NotesVendor Advisory
support.apple.com/en-us/122283nvdRelease NotesVendor Advisory
support.apple.com/en-us/122284nvdRelease NotesVendor Advisory
support.apple.com/en-us/122285nvdRelease NotesVendor Advisory
support.apple.com/en-us/122345nvdRelease NotesVendor Advisory
support.apple.com/en-us/122346nvdRelease NotesVendor Advisory
support.apple.com/en-us/122372nvdRelease NotesVendor Advisory
support.apple.com/en-us/122376nvdRelease NotesVendor Advisory
github.com/cisagov/vulnrichment/issues/194nvdIssue Tracking
lists.debian.org/debian-lts-announce/2025/06/msg00016.htmlnvdMailing List
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.650
epss	0.000
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000