Description
The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead to user interface spoofing.
Published: 2025-01-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: User Interface Spoofing
Action: Apply Patch
AI Analysis

Impact

A flaw in the way Safari and related Apple operating systems render web pages allows a malicious site to spoof the user interface. By visiting such a site, a user can be tricked into interacting with forged controls or content that appears to belong to the operating system or a trusted application. The vulnerability does not directly expose data or allow code execution, but it undermines user trust and can facilitate phishing or credential theft.

Affected Systems

Apple Safari (patched in 18.3 and 18.4), iOS (patched in 18.3 and 18.4), iPadOS (patched in 18.3, 18.4, and 17.7.6), macOS Sequoia (patched in 15.3 and 15.4), visionOS (patched in 2.3 and 2.4) and watchOS (patched in 11.4). Current versions above the listed patches are considered secure. Those running earlier versions remain vulnerable.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity. The EPSS estimate of less than 1% suggests that widespread exploitation is currently unlikely. The vulnerability is not listed in CISA’s KEV catalog. Attackers typically exploit it by embedding deceptive UI elements on a web page, so a user who visits a malicious website can be deceived. The exploitation requires no special privileges and can be performed from any device running the affected software.

Generated by OpenCVE AI on April 29, 2026 at 01:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Safari to version 18.3 or later
  • Update iOS to version 18.3 or later
  • Update iPadOS to version 17.7.6 or later
  • Patch macOS Sequoia to version 15.3 or later
  • Upgrade visionOS to version 2.3 or later
  • Upgrade watchOS to version 11.4 or later

Generated by OpenCVE AI on April 29, 2026 at 01:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3625 The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.
History

Wed, 29 Apr 2026 01:30:00 +0000

Type Values Removed Values Added
Title Apple UI Spoofing via Safari and Apple Operating Systems

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing. The issue was addressed with improved UI. This issue is fixed in Safari 18.3, Safari 18.4, iOS 18.3 and iPadOS 18.3, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sequoia 15.4, visionOS 2.3, visionOS 2.4, watchOS 11.4. Visiting a malicious website may lead to user interface spoofing.
References

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Fri, 31 Jan 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Jan 2025 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple visionos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple visionos
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Mon, 27 Jan 2025 22:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved UI. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. Visiting a malicious website may lead to user interface spoofing.
References

Subscriptions

Apple Ipados Iphone Os Macos Safari Visionos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:08:25.363Z

Reserved: 2025-01-17T00:00:44.970Z

Link: CVE-2025-24113

cve-icon Vulnrichment

Updated: 2025-11-03T21:01:50.494Z

cve-icon NVD

Status : Modified

Published: 2025-01-27T22:15:16.530

Modified: 2026-04-02T19:19:01.307

Link: CVE-2025-24113

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T01:15:44Z

Weaknesses