Search for vulnerabilities
Vulnerability details: VCID-53eh-h9e9-n3c2
Vulnerability ID VCID-53eh-h9e9-n3c2
Aliases CVE-2025-24223
Summary The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24223.json
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00035 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
cvssv3.1 8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-2863
archlinux High https://security.archlinux.org/AVG-2864
archlinux High https://security.archlinux.org/AVG-2865
archlinux High https://security.archlinux.org/AVG-2866
cvssv3.1 8 https://support.apple.com/en-us/122404
ssvc Track https://support.apple.com/en-us/122404
cvssv3.1 8 https://support.apple.com/en-us/122716
ssvc Track https://support.apple.com/en-us/122716
cvssv3.1 8 https://support.apple.com/en-us/122719
ssvc Track https://support.apple.com/en-us/122719
cvssv3.1 8 https://support.apple.com/en-us/122720
ssvc Track https://support.apple.com/en-us/122720
cvssv3.1 8 https://support.apple.com/en-us/122721
ssvc Track https://support.apple.com/en-us/122721
cvssv3.1 8 https://support.apple.com/en-us/122722
ssvc Track https://support.apple.com/en-us/122722
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24223.json
https://api.first.org/data/v1/epss?cve=CVE-2025-24223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24223
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
122404 https://support.apple.com/en-us/122404
122716 https://support.apple.com/en-us/122716
122719 https://support.apple.com/en-us/122719
122720 https://support.apple.com/en-us/122720
122721 https://support.apple.com/en-us/122721
122722 https://support.apple.com/en-us/122722
2366499 https://bugzilla.redhat.com/show_bug.cgi?id=2366499
AVG-2863 https://security.archlinux.org/AVG-2863
AVG-2864 https://security.archlinux.org/AVG-2864
AVG-2865 https://security.archlinux.org/AVG-2865
AVG-2866 https://security.archlinux.org/AVG-2866
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2025-24223 https://nvd.nist.gov/vuln/detail/CVE-2025-24223
RHSA-2023:4201 https://access.redhat.com/errata/RHSA-2023:4201
RHSA-2023:4202 https://access.redhat.com/errata/RHSA-2023:4202
RHSA-2024:8496 https://access.redhat.com/errata/RHSA-2024:8496
RHSA-2024:9653 https://access.redhat.com/errata/RHSA-2024:9653
RHSA-2024:9679 https://access.redhat.com/errata/RHSA-2024:9679
RHSA-2024:9680 https://access.redhat.com/errata/RHSA-2024:9680
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
USN-7566-1 https://usn.ubuntu.com/7566-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24223.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122404
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122404
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122716
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122716
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122719
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122719
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122720
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122720
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122721
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122721
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122722
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122722
Exploit Prediction Scoring System (EPSS)
Percentile 0.08315
EPSS Score 0.00035
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:54:44.252676+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7566-1/ 37.0.0