CVE-2025-24225

Published: May 12, 2025Modified: Apr 2, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An injection issue was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing an email may lead to user interface spoofing.

Affected (3)

Products: Apple: Ipados, Iphone Os

Apple

2 products

Ipados

Iphone Os

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 17.7.7
Apple Ipados	From 18.0 to 18.5
Apple Iphone Os	Before 18.5

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (3)

https://support.apple.com/en-us/122404

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122405

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2025/May/6

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.