CVE-2025-24192

Published: Mar 31, 2025Modified: Apr 2, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A script imports issue was addressed with improved isolation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. Visiting a website may leak sensitive data.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos, Safari, Visionos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 18.4
Apple Iphone Os	Before 18.4
Apple Macos	From 15.0 to 15.4
Apple Safari	Before 18.4
Apple Visionos	Before 2.4

References (8)

https://support.apple.com/en-us/122371

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/122373

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/122378

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/122379

Source: product-security@apple.com

Vendor Advisory

http://seclists.org/fulldisclosure/2025/Apr/12

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Apr/2

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Apr/4

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Apr/8

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.