CVE-2025-24162
MEDIUMCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Description
This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.
Analysis
This issue was addressed through improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash. Affected products include: Apple Safari, Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos.
Affected Products
Apple Safari, Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today