CVE-2025-24158 - Vulnerability Details

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Ipados Iphone Os Macos Safari Tvos Visionos Watchos
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.46.6-1.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:2034	2025-03-03T00:00:00Z

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-24158
https://support.apple.com/en-us/122066
https://support.apple.com/en-us/122068
https://support.apple.com/en-us/122071
https://support.apple.com/en-us/122072
https://support.apple.com/en-us/122073
https://support.apple.com/en-us/122074
https://webkitgtk.org/security/WSA-2025-0001.html
https://www.cve.org/CVERecord?id=CVE-2025-24158

History

Sat, 05 Apr 2025 15:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:enterprise_linux:9~~

Sat, 22 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-79

Wed, 12 Mar 2025 07:00:00 +0000

Type	Values Removed	Values Added
References		https://webkitgtk.org/security/WSA-2025-0001.html

Tue, 04 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Mon, 03 Mar 2025 23:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos Apple safari Apple tvos Apple visionos Apple watchos
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:apple:safari:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:watchos::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos Apple safari Apple tvos Apple visionos Apple watchos

Wed, 12 Feb 2025 13:45:00 +0000

Type	Values Removed	Values Added
Title		webkitgtk: Processing web content may lead to a denial-of-service
References		https://nvd.nist.gov/vuln/detail/CVE-2025-24158 https://www.cve.org/CVERecord?id=CVE-2025-24158
Metrics	threat_severity `None`	threat_severity `Moderate`

Tue, 28 Jan 2025 16:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-770
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 27 Jan 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description		The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Processing web content may lead to a denial-of-service.
References		https://support.apple.com/en-us/122066 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122071 https://support.apple.com/en-us/122072 https://support.apple.com/en-us/122073 https://support.apple.com/en-us/122074

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-01-27T21:45:49.015Z

Updated: 2025-03-22T14:43:55.828Z

Reserved: 2025-01-17T00:00:44.987Z

Link: CVE-2025-24158

Vulnrichment

Updated: 2025-01-28T15:43:58.551Z

NVD

Status : Modified

Published: 2025-01-27T22:15:19.800

Modified: 2025-03-22T15:15:38.440

Link: CVE-2025-24158

Redhat

Severity : Moderate

Publid Date: 2025-01-27T21:45:49Z

Links: CVE-2025-24158 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object