Medium severity4.3NVD Advisory· Published Nov 21, 2025· Updated Apr 2, 2026
CVE-2025-31266
CVE-2025-31266
Description
A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <18.5
- (no CPE)range: <18.5
- Range: <15.5
Patches
Vulnerability mechanics
References
2- support.apple.com/en-us/122716nvdRelease NotesVendor Advisory
- support.apple.com/en-us/122719nvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.