CVE-2025-24162

Exploited in the Wild

NIST CVSS Scores

CVSS v3.1 Base Score: 6.5 (Medium)

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA CVSS Scores

CVSS v3.1 Base Score: 6.5 (Medium)

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Operating Systems Impacted

macOS Sequoia (prior to 15.3)
iOS (prior to 18.3)
iPadOS (prior to 18.3)
visionOS (prior to 2.3)
watchOS (prior to 11.3)
tvOS (prior to 18.3)

Applications Impacted

Safari (prior to 18.3)

Additional Resources

NVD CVE-2025-24162
iOS 18.3 and iPadOS 18.3
macOS Sequoia 15.3
visionOS 2.3
watchOS 11.3
tvOS 18.3
Safari 18.3

Description

CVE-2025-24162 is a vulnerability in Apple's WebKit engine that could lead to an unexpected process crash when processing maliciously crafted web content. The issue was addressed by Apple through improved state management in the affected systems.

Impact

Exploitation of this vulnerability could lead to a denial-of-service condition by causing unexpected application termination. The severity of this issue has been assessed as follows: