CVE-2025-43229

Published: Jul 30, 2025Modified: Apr 2, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

This issue was addressed through improved state management. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. Processing maliciously crafted web content may lead to universal cross site scripting.

Affected (2)

Products: Apple: Macos, Safari

Apple

2 products

Macos

Safari

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 15.6
Apple Safari	Before 18.6

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://support.apple.com/en-us/124149

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/124152

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2025/Aug/0

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Jul/32

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.