{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24162", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-01-17T00:00:44.988Z", "datePublished": "2025-01-27T21:45:54.015Z", "dateUpdated": "2025-02-18T19:18:58.406Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may lead to an unexpected process crash"}]}], "affected": [{"vendor": "Apple", "product": "visionOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "2.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "18.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "15.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "18.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "11.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "18.3", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash."}], "references": [{"url": "https://support.apple.com/en-us/122073"}, {"url": "https://support.apple.com/en-us/122072"}, {"url": "https://support.apple.com/en-us/122068"}, {"url": "https://support.apple.com/en-us/122074"}, {"url": "https://support.apple.com/en-us/122071"}, {"url": "https://support.apple.com/en-us/122066"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-01-27T21:45:54.015Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-28T15:31:32.056104Z", "id": "CVE-2025-24162", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-18T19:18:58.406Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24162", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-28T15:31:32.056104Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-28T15:33:23.467Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "visionOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "2.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "11.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.3", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122073"}, {"url": "https://support.apple.com/en-us/122072"}, {"url": "https://support.apple.com/en-us/122068"}, {"url": "https://support.apple.com/en-us/122074"}, {"url": "https://support.apple.com/en-us/122071"}, {"url": "https://support.apple.com/en-us/122066"}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may lead to an unexpected process crash"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-01-27T21:45:54.015Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24162", "state": "PUBLISHED", "dateUpdated": "2025-02-18T19:18:58.406Z", "dateReserved": "2025-01-17T00:00:44.988Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-01-27T21:45:54.015Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "0384B3A1-9447-4020-A798-38CB2348F67B", "versionEndExcluding": "18.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", "versionEndExcluding": "18.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "71A94ACA-8143-475F-8A89-8020B86CE80B", "versionEndExcluding": "18.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", "versionEndExcluding": "15.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "60C0BA29-0969-4181-B6F1-4606986B18E4", "versionEndExcluding": "18.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", "versionEndExcluding": "2.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A128237-004C-49D7-A559-5BBC38362361", "versionEndExcluding": "11.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash."}, {"lang": "es", "value": "Este problema se solucion\u00f3 mediante con una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en visionOS 2.3, Safari 18.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El procesamiento malintencionado de contenido web manipulado puede provocar un bloqueo inesperado del proceso."}], "id": "CVE-2025-24162", "lastModified": "2025-03-03T22:45:11.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-27T22:15:20.167", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122066"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122068"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122071"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122072"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122073"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122074"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:2034", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.46.6-1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1960", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "webkit2gtk3-0:2.46.6-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1959", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "webkit2gtk3-0:2.46.6-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1959", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "webkit2gtk3-0:2.46.6-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1959", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "webkit2gtk3-0:2.46.6-1.el8_4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:2121", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "webkit2gtk3-0:2.46.6-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:2121", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "webkit2gtk3-0:2.46.6-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:2121", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "webkit2gtk3-0:2.46.6-1.el8_6", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1958", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "webkit2gtk3-0:2.46.6-1.el8_8", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:2035", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.46.6-1.el9_5", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:1957", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "webkit2gtk3-0:2.46.6-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:2126", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "webkit2gtk3-0:2.46.6-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-03T00:00:00Z"}, {"advisory": "RHSA-2025:2125", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "webkit2gtk3-0:2.46.6-1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-03T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash", "id": "2344624", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344624"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-119", "details": ["This issue was addressed through improved state management. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing maliciously crafted web content may lead to an unexpected process crash.", "A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper state management."], "mitigation": {"lang": "en:us", "value": "Do not process or load untrusted web content with WebKitGTK."}, "name": "CVE-2025-24162", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2025-01-27T21:45:54Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-24162\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-24162\nhttps://support.apple.com/en-us/122066\nhttps://support.apple.com/en-us/122068\nhttps://support.apple.com/en-us/122071\nhttps://support.apple.com/en-us/122072\nhttps://support.apple.com/en-us/122073\nhttps://support.apple.com/en-us/122074\nhttps://webkitgtk.org/security/WSA-2025-0001.html"], "statement": "To exploit this flaw, an attacker needs to trick a user into processing or loading malicious web content.", "threat_severity": "Important"}