Search for vulnerabilities
Vulnerability details: VCID-gh84-q8xn-eqbm
Vulnerability ID VCID-gh84-q8xn-eqbm
Aliases CVE-2025-24223
Summary The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24223.json
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00026 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00028 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.0003 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
epss 0.00033 https://api.first.org/data/v1/epss?cve=CVE-2025-24223
cvssv3.1 8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
archlinux High https://security.archlinux.org/AVG-2863
archlinux High https://security.archlinux.org/AVG-2864
archlinux High https://security.archlinux.org/AVG-2865
archlinux High https://security.archlinux.org/AVG-2866
cvssv3.1 8 https://support.apple.com/en-us/122404
ssvc Track https://support.apple.com/en-us/122404
cvssv3.1 8 https://support.apple.com/en-us/122716
ssvc Track https://support.apple.com/en-us/122716
cvssv3.1 8 https://support.apple.com/en-us/122719
ssvc Track https://support.apple.com/en-us/122719
cvssv3.1 8 https://support.apple.com/en-us/122720
ssvc Track https://support.apple.com/en-us/122720
cvssv3.1 8 https://support.apple.com/en-us/122721
ssvc Track https://support.apple.com/en-us/122721
cvssv3.1 8 https://support.apple.com/en-us/122722
ssvc Track https://support.apple.com/en-us/122722
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24223.json
https://api.first.org/data/v1/epss?cve=CVE-2025-24223
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24223
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://support.apple.com/en-us/122404
https://support.apple.com/en-us/122716
https://support.apple.com/en-us/122719
https://support.apple.com/en-us/122720
https://support.apple.com/en-us/122721
https://support.apple.com/en-us/122722
2366499 https://bugzilla.redhat.com/show_bug.cgi?id=2366499
AVG-2863 https://security.archlinux.org/AVG-2863
AVG-2864 https://security.archlinux.org/AVG-2864
AVG-2865 https://security.archlinux.org/AVG-2865
AVG-2866 https://security.archlinux.org/AVG-2866
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2025-24223 https://nvd.nist.gov/vuln/detail/CVE-2025-24223
RHSA-2023:4201 https://access.redhat.com/errata/RHSA-2023:4201
RHSA-2023:4202 https://access.redhat.com/errata/RHSA-2023:4202
RHSA-2024:8496 https://access.redhat.com/errata/RHSA-2024:8496
RHSA-2024:9653 https://access.redhat.com/errata/RHSA-2024:9653
RHSA-2024:9679 https://access.redhat.com/errata/RHSA-2024:9679
RHSA-2024:9680 https://access.redhat.com/errata/RHSA-2024:9680
USN-7566-1 https://usn.ubuntu.com/7566-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24223.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122404
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122404
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122716
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122716
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122719
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122719
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122720
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122720
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122721
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122721
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122722
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-13T14:41:21Z/ Found at https://support.apple.com/en-us/122722
Exploit Prediction Scoring System (EPSS)
Percentile 0.05597
EPSS Score 0.00026
Published At May 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-05-13T07:23:00.432600+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2025-24223 36.0.0