VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-een8-44f2-ybhf

Essentials
Severities (38)
References (36)
Severity details (19)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-een8-44f2-ybhf
Aliases	CVE-2025-24201
Summary	An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
Status	Published
Exploitability	2.0
Weighted Severity	7.9
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-787

Out-of-bounds Write

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.0004	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00049	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00051	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2025-24201
cvssv3.1	7.1	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2025-24201
cvssv3.1	7.1	https://support.apple.com/en-us/122281
ssvc	Attend	https://support.apple.com/en-us/122281
cvssv3.1	7.1	https://support.apple.com/en-us/122283
ssvc	Attend	https://support.apple.com/en-us/122283
cvssv3.1	7.1	https://support.apple.com/en-us/122284
ssvc	Attend	https://support.apple.com/en-us/122284
cvssv3.1	7.1	https://support.apple.com/en-us/122285
ssvc	Attend	https://support.apple.com/en-us/122285
cvssv3.1	7.1	https://support.apple.com/en-us/122345
ssvc	Attend	https://support.apple.com/en-us/122345
cvssv3.1	7.1	https://support.apple.com/en-us/122346
ssvc	Attend	https://support.apple.com/en-us/122346
cvssv3.1	7.1	https://support.apple.com/en-us/122372
ssvc	Attend	https://support.apple.com/en-us/122372
cvssv3.1	7.1	https://support.apple.com/en-us/122376
ssvc	Attend	https://support.apple.com/en-us/122376

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-24201
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24201
		http://seclists.org/fulldisclosure/2025/Apr/16
		http://seclists.org/fulldisclosure/2025/Mar/2
		http://seclists.org/fulldisclosure/2025/Mar/3
		http://seclists.org/fulldisclosure/2025/Mar/4
		http://seclists.org/fulldisclosure/2025/Mar/5
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
122281		https://support.apple.com/en-us/122281
122283		https://support.apple.com/en-us/122283
122284		https://support.apple.com/en-us/122284
122285		https://support.apple.com/en-us/122285
122345		https://support.apple.com/en-us/122345
122346		https://support.apple.com/en-us/122346
122372		https://support.apple.com/en-us/122372
122376		https://support.apple.com/en-us/122376
2351802		https://bugzilla.redhat.com/show_bug.cgi?id=2351802
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:visionos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos::::::::
cpe:2.3:o:apple:watchos:11.4:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:11.4:::::::*
CVE-2025-24201		https://nvd.nist.gov/vuln/detail/CVE-2025-24201
RHSA-2025:10364		https://access.redhat.com/errata/RHSA-2025:10364
RHSA-2025:2863		https://access.redhat.com/errata/RHSA-2025:2863
RHSA-2025:2864		https://access.redhat.com/errata/RHSA-2025:2864
RHSA-2025:2997		https://access.redhat.com/errata/RHSA-2025:2997
RHSA-2025:2998		https://access.redhat.com/errata/RHSA-2025:2998
RHSA-2025:3000		https://access.redhat.com/errata/RHSA-2025:3000
RHSA-2025:3001		https://access.redhat.com/errata/RHSA-2025:3001
RHSA-2025:3002		https://access.redhat.com/errata/RHSA-2025:3002
RHSA-2025:3005		https://access.redhat.com/errata/RHSA-2025:3005
RHSA-2025:3034		https://access.redhat.com/errata/RHSA-2025:3034
USN-7395-1		https://usn.ubuntu.com/7395-1/

Data source	KEV
Date added	March 13, 2025
Description	Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action	Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date	April 3, 2025
Note	https://support.apple.com/en-us/122281 ; https://support.apple.com/en-us/122283 ; https://support.apple.com/en-us/122284 ; https://support.apple.com/en-us/122285 ; ; https://nvd.nist.gov/vuln/detail/CVE-2025-24201
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-24201

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122281

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-14T03:55:20Z/ Found at https://support.apple.com/en-us/122281

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122283

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-14T03:55:20Z/ Found at https://support.apple.com/en-us/122283

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122284

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-14T03:55:20Z/ Found at https://support.apple.com/en-us/122284

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122285

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-14T03:55:20Z/ Found at https://support.apple.com/en-us/122285

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122345

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-14T03:55:20Z/ Found at https://support.apple.com/en-us/122345

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122346

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-14T03:55:20Z/ Found at https://support.apple.com/en-us/122346

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122372

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-14T03:55:20Z/ Found at https://support.apple.com/en-us/122372

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122376

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-14T03:55:20Z/ Found at https://support.apple.com/en-us/122376

Exploit Prediction Scoring System (EPSS)

Percentile	0.11081
EPSS Score	0.0004
Published At	Aug. 7, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:29:03.675624+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/edge/community.json	37.0.0