Description
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2025-05-12
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service – process crashes caused by malicious web content
Action: Patch Immediately
AI Analysis

Impact

The vulnerability arises from improper memory handling in macOS’s web content rendering processes. When maliciously crafted web content is processed, the application may unexpectedly crash, leading to a denial of service: the affected process terminates unexpectedly, disrupting user sessions and potentially affecting system stability for web‑based workloads.

Affected Systems

Apple’s macOS operating system is affected, specifically the Sequoia release series. The issue was fixed in macOS Sequoia 15.5, so versions prior to 15.5 remain vulnerable. Users running Sequoia 15.0–15.4 or any earlier minor revisions may experience crashes when encountering malformed web content.

Risk and Exploitability

The CVSS score of 6.5 indicates a moderate risk level, while the EPSS < 1% points to a very low likelihood of current exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no known large‑scale attacks. Attackers would need to supply specially crafted content that a user’s browser processes, so the feasible attack vector is through malicious web pages or compromised web applications. The official fix in 15.5 corrects the memory handling, eliminating the crash vector once upgraded.

Generated by OpenCVE AI on April 28, 2026 at 18:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.5 or later via Software Update.
  • Reboot the system after the update to ensure all services use the patched code.
  • Avoid browsing untrusted sites until an upgrade is available, and consider using a sandboxed browser or strict content filtering to reduce exposure to malformed web pages.

Generated by OpenCVE AI on April 28, 2026 at 18:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14631 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Processing maliciously crafted web content may lead to an unexpected process crash.
History

Tue, 28 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Title Malicious Web Content Crash Vulnerability

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 27 May 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Wed, 14 May 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Tue, 13 May 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.5. Processing maliciously crafted web content may lead to an unexpected process crash.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:23:16.684Z

Reserved: 2025-01-17T00:00:45.004Z

Link: CVE-2025-24222

cve-icon Vulnrichment

Updated: 2025-05-13T20:11:39.284Z

cve-icon NVD

Status : Modified

Published: 2025-05-12T22:15:20.083

Modified: 2025-11-03T20:17:52.280

Link: CVE-2025-24222

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T19:00:20Z

Weaknesses