CVE-2025-24167

Exploited in the Wild

CISA CVSS Scores

CVSS v3.1 Base Score: 9.8 (Critical)

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Operating Systems Impacted

iOS (prior to 18.4)
iPadOS (prior to 18.4)
macOS Sequoia (prior to 15.4)

Applications Impacted

Safari (prior to 18.4)

Additional Resources

NVD CVE-2025-24167
Safari 18.4
iOS 18.4 and iPadOS 18.4
macOS Sequoia 15.4

Description

CVE-2025-24167 is a security vulnerability in Apple's Safari browser and operating systems that could allow a download's origin to be incorrectly associated. The issue was addressed by Apple through improved state management in Safari 18.4, iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4.

Impact

Exploitation of this vulnerability could lead to a download's origin being incorrectly associated, potentially allowing malicious websites to bypass security restrictions. The severity of this issue has been assessed as follows:

Stay up to date

Iru's weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.

Description

Impact

CVE-2024-27883

CVE-2024-4558

CVE-2025-24162

Stay up to date