Search for vulnerabilities
Vulnerability details: VCID-4pyf-eyb2-yfcq
Vulnerability ID VCID-4pyf-eyb2-yfcq
Aliases CVE-2025-24158
Summary The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-770 Allocation of Resources Without Limits or Throttling
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24158.json
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
epss 0.00141 https://api.first.org/data/v1/epss?cve=CVE-2025-24158
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2025-24158
cvssv3.1 6.5 https://support.apple.com/en-us/122066
ssvc Track https://support.apple.com/en-us/122066
cvssv3.1 6.5 https://support.apple.com/en-us/122068
ssvc Track https://support.apple.com/en-us/122068
cvssv3.1 6.5 https://support.apple.com/en-us/122071
ssvc Track https://support.apple.com/en-us/122071
cvssv3.1 6.5 https://support.apple.com/en-us/122072
ssvc Track https://support.apple.com/en-us/122072
cvssv3.1 6.5 https://support.apple.com/en-us/122073
ssvc Track https://support.apple.com/en-us/122073
cvssv3.1 6.5 https://support.apple.com/en-us/122074
ssvc Track https://support.apple.com/en-us/122074
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24158.json
https://api.first.org/data/v1/epss?cve=CVE-2025-24158
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24158
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
122066 https://support.apple.com/en-us/122066
122068 https://support.apple.com/en-us/122068
122071 https://support.apple.com/en-us/122071
122072 https://support.apple.com/en-us/122072
122073 https://support.apple.com/en-us/122073
122074 https://support.apple.com/en-us/122074
2344623 https://bugzilla.redhat.com/show_bug.cgi?id=2344623
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2025-24158 https://nvd.nist.gov/vuln/detail/CVE-2025-24158
RHSA-2023:4201 https://access.redhat.com/errata/RHSA-2023:4201
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
RHSA-2025:2034 https://access.redhat.com/errata/RHSA-2025:2034
USN-7279-1 https://usn.ubuntu.com/7279-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24158.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-24158
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/122066
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T15:43:06Z/ Found at https://support.apple.com/en-us/122066
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/122068
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T15:43:06Z/ Found at https://support.apple.com/en-us/122068
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/122071
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T15:43:06Z/ Found at https://support.apple.com/en-us/122071
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/122072
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T15:43:06Z/ Found at https://support.apple.com/en-us/122072
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/122073
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T15:43:06Z/ Found at https://support.apple.com/en-us/122073
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://support.apple.com/en-us/122074
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-28T15:43:06Z/ Found at https://support.apple.com/en-us/122074
Exploit Prediction Scoring System (EPSS)
Percentile 0.35038
EPSS Score 0.00141
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:49:09.320411+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7279-1/ 37.0.0