CVE-2025-24209

HIGH

Safari < 18.4 - Buffer Overflow via Malicious Web Content

Title source: llm
STIX 2.1

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.

Scores

CVSS v3 7.0
EPSS 0.0083
EPSS Percentile 53.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-120
Status published
Products (11)
Apple/iOS and iPadOS < 18.4
apple/ipados < 17.7.6
Apple/iPadOS < 17.7.6
apple/iphone_os < 18.4
Apple/macOS < 15.4
apple/macos 15.0 - 15.4
apple/safari < 18.4
Apple/Safari < 18.4
apple/tvos < 18.4
Apple/tvOS < 18.4
... and 1 more
Published Mar 31, 2025
Tracked Since Feb 18, 2026