PT-2025-44901 · Apple+4 · Tvos+10

Aleksejs Popovs

Published

2024-10-14

Updated

2026-01-20

CVE-2025-43480

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.1 visionOS versions prior to 26.1 watchOS versions prior to 26.1 iOS versions prior to 26.1 iPadOS versions prior to 26.1 tvOS versions prior to 26.1

Description A malicious website may be able to exfiltrate data cross-origin due to insufficient checks. The issue was addressed with improved checks.

Recommendations Update Safari to version 26.1. Update visionOS to version 26.1. Update watchOS to version 26.1. Update iOS to version 26.1. Update iPadOS to version 26.1. Update tvOS to version 26.1.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-942

Related Identifiers

ALSA-2025:22789

ALSA-2025:22790

BDU:2025-13967

CVE-2025-43480

DSA-5792-1

OPENSUSE-SU-2026:20065-1

RHSA-2024:8180

RHSA-2024:8492

RHSA-2024:8496

RHSA-2024:9553

RHSA-2024:9636

RHSA-2024:9646

RHSA-2024:9653

RHSA-2024:9679

RHSA-2024:9680

RHSA-2025:10364

SUSE-SU-2025:4416-1

SUSE-SU-2025:4423-1

SUSE-SU-2026:0021-1

SUSE-SU-2026:20102-1

Affected Products

Almalinux

Centos

Debian

Apple Macos

Red Hat

Safari

Ios

Ipados

Tvos

Visionos

Watchos

PT-2025-44901 · Apple+4 · Tvos+10

CVE-2025-43480

Weakness Enumeration

Related Identifiers

Affected Products

References · 134