CVE-2022-48503
HIGH KEV
Safari < 15.6 - Remote Code Execution via Array Index Validation Issue
Title source: llm
Exploitation Summary
CVE-2022-48503 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added October 20, 2025.
Description
The issue was addressed with improved bounds checks. This issue is fixed in tvOS 15.6, watchOS 8.7, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing web content may lead to arbitrary code execution.
References (6)
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213340
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213341
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213342
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213345
Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT213346
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-48503
Scores
CVSS v3: 8.8
EPSS: 0.0015
EPSS Percentile: 36.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2025-10-20
VulnCheck KEV: 2025-10-20
ENISA EUVD: EUVD-2022-51199
CWE: CWE-129
Status: published
Products (6)
apple/ipados: < 15.6
apple/iphone_os: < 15.6
apple/macos: 12.0.0 - 12.5
apple/safari: < 15.6
apple/tvos: < 15.6
apple/watchos: < 8.7
Published: Aug 14, 2023
KEV Added: Oct 20, 2025
Tracked Since: Feb 18, 2026