CVE-2025-46299
PUBLISHED
CVSS 4.3 MEDIUM
A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may disclose internal states of the app.
EPSS 0.03% · 8.3th percentile
Risk Scores
CVSS 3.1
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
EPSS Score
0.03%
8.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apple | tvos | 0 |
| apple | watchos | 0 |
| Apple | watchOS | * |
| apple | visionos | 0 |
| apple | safari | 0 |
| Apple | Safari | * |
| apple | macos | 0 |
| Apple | iOS and iPadOS | unspecified |
| Apple | macOS | * |
| Apple | visionOS | unspecified |
| apple | iphone_os | 0 |
| Apple | tvOS | unspecified |
| apple | ipados | 0 |
Exploit Intelligence
- WebKit NavigateEvent.canIntercept SOP bypass via cross-port interception — iOS 26.3.1 BSI (CVE-2026-20643) (github-poc-repo)
- WebKit NavigateEvent.canIntercept SOP bypass via cross-port interception — iOS 26.3.1 BSI (CVE-2026-20643) (github-poc)
…and 89 more exploits
Timeline
- Apr 22, 2025 CVE ID Reserved
- Jan 9, 2026 CVE Published
- Jan 10, 2026 EPSS Score
- Jan 13, 2026 EPSS Score
- Jan 16, 2026 EPSS Score
- Jan 19, 2026 EPSS Score
- Jan 22, 2026 EPSS Score
- Jan 26, 2026 EPSS Score
- Jan 29, 2026 EPSS Score
- Feb 1, 2026 EPSS Score
- Feb 4, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
References
- https://support.apple.com/en-us/125891 technical
- https://support.apple.com/en-us/125892 technical
- https://support.apple.com/en-us/125889 url
- https://support.apple.com/en-us/125884 url
- https://support.apple.com/en-us/125886 url
- https://support.apple.com/en-us/125890 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-46299 advisory