VDB
CISA-2025-43227
CISA-2025-43227
PUBLISHED
CVSS 7.5 HIGH
Reported by apple · Published July 29, 2025
This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | unspecified |
| Apple | macOS | unspecified |
| Apple | tvOS | unspecified |
| Apple | visionOS | unspecified |
| Apple | watchOS | unspecified |
| Apple | iOS and iPadOS | unspecified |
| Apple | iOS and iPadOS | unspecified, * |
| Apple | watchOS | unspecified, * |
| Apple | macOS | unspecified, unspecified |
| Apple | Safari | *, unspecified |
| Apple | tvOS | unspecified, * |
| Apple | visionOS | unspecified, * |
Timeline
- Jul 29, 2025 CVE Published
- Nov 4, 2025 CVE Updated
References
- https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html url
- http://seclists.org/fulldisclosure/2025/Aug/0 url
- http://seclists.org/fulldisclosure/2025/Jul/36 url
- http://seclists.org/fulldisclosure/2025/Jul/35 url
- http://seclists.org/fulldisclosure/2025/Jul/32 url
- http://seclists.org/fulldisclosure/2025/Jul/30 url
- http://www.openwall.com/lists/oss-security/2025/08/02/1 url