CVE-2025-24180

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Safari versions prior to 18.4 visionOS versions prior to 2.4 iOS versions prior to 18.4 iPadOS versions prior to 18.4 macOS Sequoia versions prior to 15.4

Description The issue was addressed with improved input validation. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.

Recommendations For Safari versions prior to 18.4, update to Safari 18.4. For visionOS versions prior to 2.4, update to visionOS 2.4. For iOS versions prior to 18.4, update to iOS 18.4. For iPadOS versions prior to 18.4, update to iPadOS 18.4. For macOS Sequoia versions prior to 15.4, update to macOS Sequoia 15.4.

Fix

Open Redirect

RCE

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601CWE-20CWE-122

Related Identifiers

BDU:2025-05536

BDU:2025-05543

CVE-2025-24180

Affected Products

Apple Macos

Safari

Ios

Ipados

Macos Sequoia

Visionos

CVE-2025-24180

Weakness Enumeration

Related Identifiers

Affected Products

References · 20