ALAS2-2025-2869
PUBLISHED
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amazon | webkitgtk4 | |
Exploit Intelligence
- Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing Lockdown Mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit (CVE-2025-24201) and Core Media (CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
- Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, exploiting WebKit (CVE-2025-24201) and Core Media (CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc)
- CVE-2025-24201 WebKit Vulnerability Detector (PoC) (github-poc)
- ios_v1_generated.go (github-poc)
- safari_v2_generated.go (github-poc)
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
- ios_v2_generated.go (github-poc)
- index6.html (github-poc)
- visionos_v2_generated.go (github-poc)
…and 7 more exploits
Timeline
- May 29, 2025 CVE Published