CVE-2025-24201 - Vulnerability Details

- webkitgtk: out-of-bounds write vulnerability

Description

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).

Published: 2025-03-11

Score: 10 Critical

EPSS: < 1% Very Low

KEV: Yes

Impact:

Action:

Analysis

Impact

An out‑of‑bounds write in WebKitGTK allows maliciously crafted web content to breach the Web Content sandbox, giving an attacker the ability to execute code with the privileges of the host process. The failure of the boundary checks could therefore lead to arbitrary code execution or privilege escalation when rendering unsuspecting web pages.

Affected Systems

The flaw is present in Apple’s WebKit-based products: Safari, iOS, iPadOS, macOS, visionOS, and watchOS in the versions listed by Apple. It also affects Linux distributions that ship the WebKitGTK runtime, notably RedHat Enterprise Linux 8 and 9 and several extended‑service variants, as the CPE list indicates. These systems expose the vulnerable component through standard web‐content rendering paths, including browsers, built‑in web views, and any application that embeds WebKitGTK.

Risk and Exploitability

With a CVSS score of 10, the vulnerability is classified as critical, and an EPSS score of less than 1% indicates low predicted exploitation frequency at this time. Nevertheless, the vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog, confirming that it has been actively leveraged by attackers. The likely attack vector involves delivering specially crafted web content—through a website, malicious email attachment, or any other channel that renders web pages—to a user’s device, where the web process can escape the sandbox and run arbitrary code.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

Safari

affected

Version	Status	Constraints
`0`	affected	< 18.3.1

Apple

iOS and iPadOS

affected

Version	Status	Constraints
`0`	affected	< 15.8.4
`0`	affected	< 16.7.11
`0`	affected	< 18.3.2

Apple

iPadOS

affected

Version	Status	Constraints
`0`	affected	< 17.7.6

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 15.3.2

Apple

visionOS

affected

Version	Status	Constraints
`0`	affected	< 2.3.2

Apple

watchOS

affected

Version	Status	Constraints
`0`	affected	< 11.4

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

Configuration 2 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::

Configuration 3 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
webkitgtk4-0:2.48.3-2.el7_9	cpe:/o:redhat:rhel_els:7	RHSA-2025:10364	2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.46.6-2.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:2863	2025-03-17T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
webkit2gtk3-0:2.46.6-2.el8_2	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:3002	2025-03-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
webkit2gtk3-0:2.46.6-2.el8_4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:3005	2025-03-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
webkit2gtk3-0:2.46.6-2.el8_4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:3005	2025-03-18T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
webkit2gtk3-0:2.46.6-2.el8_4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:3005	2025-03-18T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
webkit2gtk3-0:2.46.6-2.el8_6	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:3034	2025-03-19T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
webkit2gtk3-0:2.46.6-2.el8_6	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:3034	2025-03-19T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
webkit2gtk3-0:2.46.6-2.el8_6	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:3034	2025-03-19T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
webkit2gtk3-0:2.46.6-2.el8_8	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:2998	2025-03-18T00:00:00Z
Red Hat Enterprise Linux 9
webkit2gtk3-0:2.46.6-2.el9_5	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:2864	2025-03-17T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
webkit2gtk3-0:2.46.6-2.el9_0	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:3000	2025-03-18T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
webkit2gtk3-0:2.46.6-2.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:3001	2025-03-18T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
webkit2gtk3-0:2.46.6-2.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:2997	2025-03-18T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Safari to version 18.3.1 or later.
Upgrade iOS, iPadOS, and watchOS to 18.3.2 or later (including the 15.8.4 and 16.7.11 patches as interim steps).
Upgrade macOS to 15.3.2, visionOS to 2.3.2, and watchOS to 11.4 or later.

Generated by OpenCVE AI on April 28, 2026 at 03:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-4218-1	webkit2gtk security update
Debian DSA	DSA-5877-1	chromium security update
Debian DSA	DSA-5885-1	webkit2gtk security update
EUVD	EUVD-2025-6302	An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
Ubuntu USN	USN-7395-1	WebKitGTK vulnerabilities

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since March 13, 2025.

The EPSS score is 0.00238.

Exploitation active

Automatable yes

Technical Impact total

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Apr/16
http://seclists.org/fulldisclosure/2025/Apr/7
http://seclists.org/fulldisclosure/2025/Jun/19
http://seclists.org/fulldisclosure/2025/Mar/2
http://seclists.org/fulldisclosure/2025/Mar/3
http://seclists.org/fulldisclosure/2025/Mar/4
http://seclists.org/fulldisclosure/2025/Mar/5
http://seclists.org/fulldisclosure/2025/Oct/1
http://seclists.org/fulldisclosure/2025/Oct/31
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201
https://github.com/cisagov/vulnrichment/issues/194
https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2025-24201
https://support.apple.com/en-us/122281
https://support.apple.com/en-us/122283
https://support.apple.com/en-us/122284
https://support.apple.com/en-us/122285
https://support.apple.com/en-us/122345
https://support.apple.com/en-us/122346
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122376
https://webkitgtk.org/security/WSA-2025-0002.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24201
https://www.cve.org/CVERecord?id=CVE-2025-24201

History

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).	An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).

Thu, 13 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		https://github.com/cisagov/vulnrichment/issues/194

Wed, 12 Nov 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 11 Nov 2025 15:30:00 +0000

Type	Values Removed	Values Added
References		https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201

Tue, 04 Nov 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Debian Debian debian Linux
CPEs	cpe:2.3:o:apple:watchos:11.4:::::::*	cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:debian:debian_linux:11.0:::::::*
Vendors & Products		Debian Debian debian Linux

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Apr/7

Mon, 03 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Jun/19 https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html

Mon, 03 Nov 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Oct/1

Mon, 03 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Oct/31

Tue, 21 Oct 2025 23:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24201

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24201

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24201

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00044}`	epss `{'score': 0.00064}`

Mon, 07 Jul 2025 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs		cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els

Thu, 17 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple watchos
CPEs		cpe:2.3:o:apple:watchos:11.4:::::::*
Vendors & Products		Apple watchos

Sun, 13 Apr 2025 20:45:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Apr/16

Fri, 11 Apr 2025 13:30:00 +0000

Type	Values Removed	Values Added
Description	An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).	An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11 and iPadOS 16.7.11, iOS 15.8.4 and iPadOS 15.8.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
References		https://support.apple.com/en-us/122345 https://support.apple.com/en-us/122346 https://support.apple.com/en-us/122372 https://support.apple.com/en-us/122376

Fri, 21 Mar 2025 07:00:00 +0000

Type	Values Removed	Values Added
References		https://webkitgtk.org/security/WSA-2025-0002.html

Thu, 20 Mar 2025 15:45:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Mar/5

Thu, 20 Mar 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Mar/2 http://seclists.org/fulldisclosure/2025/Mar/3 http://seclists.org/fulldisclosure/2025/Mar/4

Wed, 19 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_tus:8.6

Tue, 18 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 cpe:/a:redhat:rhel_tus:8.4
Vendors & Products		Redhat rhel Aus Redhat rhel E4s Redhat rhel Eus Redhat rhel Tus

Mon, 17 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux

Fri, 14 Mar 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos Apple safari Apple visionos
CPEs		cpe:2.3:a:apple:safari:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:visionos::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos Apple safari Apple visionos

Fri, 14 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Thu, 13 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-03-13'}`

Thu, 13 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 13 Mar 2025 15:00:00 +0000

Type	Values Removed	Values Added
Title		webkitgtk: out-of-bounds write vulnerability
References		https://nvd.nist.gov/vuln/detail/CVE-2025-24201 https://www.cve.org/CVERecord?id=CVE-2025-24201
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 12 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-787
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 11 Mar 2025 19:30:00 +0000

Type	Values Removed	Values Added
Description	An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).	An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
References		https://support.apple.com/en-us/122285

Tue, 11 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
References		https://support.apple.com/en-us/122281 https://support.apple.com/en-us/122283 https://support.apple.com/en-us/122284

Subscriptions

Apple Ipados Iphone Os Macos Safari Visionos Watchos

Debian Debian Linux

Redhat Enterprise Linux Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-03-11T18:07:21.848Z

Updated: 2026-04-02T18:10:13.716Z

Reserved: 2025-01-17T00:00:44.999Z

Link: CVE-2025-24201

Vulnrichment

Updated: 2025-11-13T19:45:58.488Z

NVD

Status : Analyzed

Published: 2025-03-11T18:15:30.190

Modified: 2026-04-03T11:45:20.220

Link: CVE-2025-24201

Redhat

Severity : Important

Publid Date: 2025-03-11T00:00:00Z

Links: CVE-2025-24201 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T03:30:19Z

Weaknesses

CWE-787

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object