Vulnerability details: VCID-gujy-esz6-vbdr
Vulnerability ID VCID-gujy-esz6-vbdr
Aliases CVE-2025-24201
Summary webkitgtk: out-of-bounds write vulnerability
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json
epss 0.00068 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00096 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.0012 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00129 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.0013 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00136 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00158 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00182 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00214 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
epss 0.00438 https://api.first.org/data/v1/epss?cve=CVE-2025-24201
cvssv3.1 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2025-24201
cvssv3.1 7.1 https://support.apple.com/en-us/122281
ssvc Attend https://support.apple.com/en-us/122281
cvssv3.1 7.1 https://support.apple.com/en-us/122283
ssvc Attend https://support.apple.com/en-us/122283
cvssv3.1 7.1 https://support.apple.com/en-us/122284
ssvc Attend https://support.apple.com/en-us/122284
cvssv3.1 7.1 https://support.apple.com/en-us/122285
ssvc Attend https://support.apple.com/en-us/122285
cvssv3.1 7.1 https://support.apple.com/en-us/122345
ssvc Attend https://support.apple.com/en-us/122345
cvssv3.1 7.1 https://support.apple.com/en-us/122346
ssvc Attend https://support.apple.com/en-us/122346
cvssv3.1 7.1 https://support.apple.com/en-us/122372
ssvc Attend https://support.apple.com/en-us/122372
cvssv3.1 7.1 https://support.apple.com/en-us/122376
ssvc Attend https://support.apple.com/en-us/122376
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json
https://api.first.org/data/v1/epss?cve=CVE-2025-24201
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24201
http://seclists.org/fulldisclosure/2025/Apr/16
http://seclists.org/fulldisclosure/2025/Mar/2
http://seclists.org/fulldisclosure/2025/Mar/3
http://seclists.org/fulldisclosure/2025/Mar/4
http://seclists.org/fulldisclosure/2025/Mar/5
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
122281 https://support.apple.com/en-us/122281
122283 https://support.apple.com/en-us/122283
122284 https://support.apple.com/en-us/122284
122285 https://support.apple.com/en-us/122285
122345 https://support.apple.com/en-us/122345
122346 https://support.apple.com/en-us/122346
122372 https://support.apple.com/en-us/122372
122376 https://support.apple.com/en-us/122376
2351802 https://bugzilla.redhat.com/show_bug.cgi?id=2351802
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:11.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:11.4:*:*:*:*:*:*:*
CVE-2025-24201 https://nvd.nist.gov/vuln/detail/CVE-2025-24201
RHSA-2025:2863 https://access.redhat.com/errata/RHSA-2025:2863
RHSA-2025:2864 https://access.redhat.com/errata/RHSA-2025:2864
RHSA-2025:2997 https://access.redhat.com/errata/RHSA-2025:2997
RHSA-2025:2998 https://access.redhat.com/errata/RHSA-2025:2998
RHSA-2025:3000 https://access.redhat.com/errata/RHSA-2025:3000
RHSA-2025:3001 https://access.redhat.com/errata/RHSA-2025:3001
RHSA-2025:3002 https://access.redhat.com/errata/RHSA-2025:3002
RHSA-2025:3005 https://access.redhat.com/errata/RHSA-2025:3005
RHSA-2025:3034 https://access.redhat.com/errata/RHSA-2025:3034
USN-7395-1 https://usn.ubuntu.com/7395-1/
Data source KEV
Date added March 13, 2025
Description Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Due date April 3, 2025
Note
https://support.apple.com/en-us/122281 ; https://support.apple.com/en-us/122283 ; https://support.apple.com/en-us/122284 ; https://support.apple.com/en-us/122285 ; ; https://nvd.nist.gov/vuln/detail/CVE-2025-24201
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-24201
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122281
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-13T20:17:10Z/ Found at https://support.apple.com/en-us/122281
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122283
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-13T20:17:10Z/ Found at https://support.apple.com/en-us/122283
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122284
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-13T20:17:10Z/ Found at https://support.apple.com/en-us/122284
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122285
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-13T20:17:10Z/ Found at https://support.apple.com/en-us/122285
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122345
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-13T20:17:10Z/ Found at https://support.apple.com/en-us/122345
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122346
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-13T20:17:10Z/ Found at https://support.apple.com/en-us/122346
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122372
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-13T20:17:10Z/ Found at https://support.apple.com/en-us/122372
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/122376
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-03-13T20:17:10Z/ Found at https://support.apple.com/en-us/122376
Exploit Prediction Scoring System (EPSS)
Percentile 0.21493
EPSS Score 0.00068
Published At April 23, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-03-28T05:41:56.468204+00:00 RedHat Importer Import https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24201.json 36.0.0