Skip to main content

Safari CVE-2025-43228

MEDIUM
User Interface (UI) Misrepresentation of Critical Information (CWE-451)
2025-07-30 product-security@apple.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
SUSE
MEDIUM
qualitative
Red Hat
4.3 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
Patch released
Apr 06, 2026 - 08:30 nvd
Patch available
Analysis Generated
Apr 02, 2026 - 19:37 vuln.today
CVE Published
Jul 30, 2025 - 00:15 nvd
MEDIUM 4.3

DescriptionCVE.org

The issue was addressed with improved UI. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6. Visiting a malicious website may lead to address bar spoofing.

AnalysisAI

Address bar spoofing in Apple Safari, iOS, and iPadOS allows remote attackers to deceive users about the website they are visiting through malicious web content, exploiting a user interface flaw that fails to adequately distinguish legitimate from spoofed address bar information. The vulnerability affects Safari before version 18.6, iOS before 18.6, and iPadOS before 18.6, and requires user interaction to visit a malicious site. No public exploit code or active exploitation has been confirmed; the EPSS score of 0.04% reflects low real-world exploitation probability despite the network attack vector.

Technical ContextAI

This vulnerability is rooted in CWE-451 (User Interface (UI) Misrepresentation of Critical Information), a class of flaws where security-critical UI elements fail to accurately represent system state. In this case, the address bar-a primary mechanism for users to verify website authenticity and identity-can be visually spoofed through malicious webpage crafting. The flaw affects Apple's browser engine and rendering components across Safari (macOS), iOS, and iPadOS platforms. The attack leverages the fact that modern browsers must render complex web content that can obscure, overlay, or visually mimic the UI chrome (address bar, security indicators) that users rely upon to authenticate their destination. Apple addressed this by improving UI separation and rendering logic to prevent such visual manipulation, as indicated by the fix being released in Safari 18.6, iOS 18.6, and iPadOS 18.6.

RemediationAI

Vendor-released patch: Safari 18.6, iOS 18.6, and iPadOS 18.6. Users should immediately update all affected devices via Apple's system Software Update mechanism (Settings > General > Software Update on iOS/iPadOS, or System Settings > General > Software Update on macOS). No workarounds are available prior to patching, though users can reduce risk by being cautious of unfamiliar URLs and verifying website legitimacy through independent channels (e.g., typing the URL directly rather than following links) until their devices are updated. Refer to Apple's official security advisories at https://support.apple.com/en-us/124147 and https://support.apple.com/en-us/124152 for complete guidance and to confirm patch availability for your device model and OS version.

More in Safari

View all
CVE-2017-2547 HIGH POC
8.8 May 22

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2014-1303 CRITICAL POC
10.0 Mar 26

Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox

CVE-2023-43000 HIGH POC
8.8 Nov 05

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability

CVE-2016-4622 HIGH
8.8 Jul 22

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrar

CVE-2015-1155 MEDIUM POC
4.3 May 08

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allo

CVE-2015-1126 MEDIUM POC
4.3 Apr 10

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not

CVE-2017-2446 HIGH POC
8.8 Apr 02

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13802 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13795 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13794 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13792 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2017-13785 HIGH POC
8.8 Nov 13

An issue was discovered in certain Apple products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Enterprise Storage 7.1 Fixed
SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise High Performance Computing 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 Fixed
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS Fixed

Share

CVE-2025-43228 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy