CVE-2025-24167

Exploited in the Wild

CISA CVSS Scores

CVSS v3.1 Base Score: 9.8 (Critical)

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Operating Systems Impacted

iOS (prior to 18.4)
iPadOS (prior to 18.4)
macOS Sequoia (prior to 15.4)

Applications Impacted

Safari (prior to 18.4)

Additional Resources

NVD CVE-2025-24167
Safari 18.4
iOS 18.4 and iPadOS 18.4
macOS Sequoia 15.4

Description

CVE-2025-24167 is a security vulnerability in Apple's Safari browser and operating systems that could allow a download's origin to be incorrectly associated. The issue was addressed by Apple through improved state management in Safari 18.4, iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4.

Impact

Exploitation of this vulnerability could lead to a download's origin being incorrectly associated, potentially allowing malicious websites to bypass security restrictions. The severity of this issue has been assessed as follows: