VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-c7j8-9stv-vybz

Essentials
Severities (36)
References (12)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-c7j8-9stv-vybz
Aliases	CVE-2025-43228
Summary	The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to address bar spoofing.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-451

User Interface (UI) Misrepresentation of Critical Information

System	Score	Found at
cvssv3	4.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43228.json
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43228.json
epss	0.00018	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00025	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00027	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2025-43228
cvssv3.1	4.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	4.3	https://support.apple.com/en-us/124147
ssvc	Track	https://support.apple.com/en-us/124147
cvssv3.1	4.3	https://support.apple.com/en-us/124152
ssvc	Track	https://support.apple.com/en-us/124152

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43228.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-43228
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-43228
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
124147		https://support.apple.com/en-us/124147
124152		https://support.apple.com/en-us/124152
2386275		https://bugzilla.redhat.com/show_bug.cgi?id=2386275
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
CVE-2025-43228		https://nvd.nist.gov/vuln/detail/CVE-2025-43228
USN-7702-1		https://usn.ubuntu.com/7702-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43228.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43228.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://support.apple.com/en-us/124147

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:24:35Z/ Found at https://support.apple.com/en-us/124147

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Found at https://support.apple.com/en-us/124152

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:24:35Z/ Found at https://support.apple.com/en-us/124152

Exploit Prediction Scoring System (EPSS)

Percentile	0.03147
EPSS Score	0.00018
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:18:04.805877+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2025/43xxx/CVE-2025-43228.json	37.0.0