VDB
DEBIAN-CVE-2025-43227
DEBIAN-CVE-2025-43227
PUBLISHED
CVSS 7.5 HIGH
This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may disclose sensitive user information.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | webkit2gtk | 2.44.3-1, *, * |
| Debian:14 | webkit2gtk | 0, 2.48.5-1~deb11u1, 2.48.3-1 |
| Debian:11 | webkit2gtk | 2.38.4-2, *, * |
| Debian:13 | wpewebkit | 2.50.3-1, 2.52.3-1, 2.52.2-2 |
| Debian:14 | wpewebkit | 2.48.3-1, 0, 2.48.3-1 |
| Debian:12 | wpewebkit | 2.44.4-1, 2.44.3-1, 2.44.2-2 |
| Debian:11 | wpewebkit | *, 2.38.4-1, 2.38.4-1 |
| Debian:13 | webkit2gtk | 0, 2.48.3-1, 2.48.5-1~deb11u1 |
Exploit Intelligence
- macos_v2_generated.go (github-poc)
- macos_v1_generated.go (github-poc)
- ios_v2_generated.go (github-poc)
- ios_v1_generated.go (github-poc)
- visionos_v2_generated.go (github-poc)
- safari_v2_generated.go (github-poc)
- watchos_v2_generated.go (github-poc)
- tvos_v2_generated.go (github-poc)
Timeline
- Jul 30, 2025 CVE Published
- Apr 28, 2026 CVE Updated