PT-2025-13897 · Apple+9 · Safari+12

Published 2025-03-31 · Updated 2025-11-25 · CVE-2025-24208

CVSS v2.0

6.4 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Safari versions prior to 18.4
iOS versions prior to 18.4
iPadOS versions prior to 18.4

Description

A permissions issue was addressed with additional restrictions. Loading a malicious iframe may lead to a cross-site scripting attack.

Recommendations

For Safari versions prior to 18.4, update to Safari 18.4 to resolve the issue.
For iOS versions prior to 18.4, update to iOS 18.4 to resolve the issue.
For iPadOS versions prior to 18.4, update to iPadOS 18.4 to resolve the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

ALSA-2025:3713
ALSA-2025:3974
ALSA-2025:7387
BDU:2025-05568
CESA-2025_3974
CVE-2025-24208
DLA-4218-1
DSA-5899-1
INFSA-2025_3713
INFSA-2025_3974
INFSA-2025_7387
MGASA-2025-0313
OPENSUSE-SU-2025_1331-1
OPENSUSE-SU-2025_1336-1
RHSA-2025:10364
RHSA-2025:3713
RHSA-2025:3755
RHSA-2025:3756
RHSA-2025:3974
RHSA-2025:4445
RHSA-2025:7387
RHSA-2025:8064
RHSA-2025:8065
RHSA-2025:8066
RHSA-2025:8194
RHSA-2025_3713
RHSA-2025_3974
RHSA-2025_7387
SUSE-SU-2025:1265-1
SUSE-SU-2025:1325-1
SUSE-SU-2025:1331-1
SUSE-SU-2025:1336-1
SUSE-SU-2025_1265-1
SUSE-SU-2025_1325-1
SUSE-SU-2025_1331-1
SUSE-SU-2025_1336-1
USN-7436-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Apple macOS
Red Hat
Rocky Linux
Safari
SUSE
Ubuntu
iOS
iPadOS