Description
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Published: 2025-07-29
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service – unexpected Safari crash
Action: Apply Patch
AI Analysis

Impact

A flaw in WebKitGTK’s memory handling allows maliciously crafted web content to cause an unexpected Safari crash. The vulnerability does not grant code execution or privilege escalation; it results in a denial of service by terminating the browser instance or the entire web rendering component. The weakness maps to CWE‑119, which involves improper handling of memory buffers.

Affected Systems

The issue affects Apple’s Safari browser on all supported Apple operating systems, including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Specifically, Safari 18.6, iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, and watchOS 11.6 incorporate the fix; versions prior to these are vulnerable.

Risk and Exploitability

The CVSS score of 6.5 places the vulnerability in the moderate severity range. The EPSS score of less than 1% indicates a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog, suggesting that there are no publicly confirmed exploits. Based on the description, it is inferred that the attacker would need to deliver specially crafted web content—typically via a webpage or email attachment—to trigger the crash, making the vulnerability primarily a local denial of service with no remote code execution capability.

Generated by OpenCVE AI on April 28, 2026 at 10:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Safari and all associated Apple operating systems to the patched versions (Safari 18.6, iOS 18.6, iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6).
  • Apply the security updates following Apple support advisories 124147, 124149, 124152, 124153, 124154.
  • For systems that cannot immediately update, limit loading of untrusted web content via Content Security Policy or equivalent controls and monitor application crashes.

Generated by OpenCVE AI on April 28, 2026 at 10:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4276-1 webkit2gtk security update
Debian DSA Debian DSA DSA-5978-1 webkit2gtk security update
EUVD EUVD EUVD-2025-23083 The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Ubuntu USN Ubuntu USN USN-7702-1 WebKitGTK vulnerabilities
History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Tue, 05 Aug 2025 00:15:00 +0000

Type Values Removed Values Added
Title webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
References
Metrics threat_severity

None

 threat_severity

Important

Thu, 31 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
Apple safari
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os
Apple safari

Wed, 30 Jul 2025 23:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References

Wed, 30 Jul 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 30 Jul 2025 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple tvos
Apple visionos
Apple watchos

Wed, 30 Jul 2025 00:15:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash. The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Tue, 29 Jul 2025 23:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References

Subscriptions

Apple Ios Ipados Iphone Os Macos Macos Sequoia Safari Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:17:19.151Z

Reserved: 2025-04-16T15:24:37.088Z

Link: CVE-2025-43212

cve-icon Vulnrichment

Updated: 2025-11-04T21:10:29.983Z

cve-icon NVD

Status : Modified

Published: 2025-07-30T00:15:33.280

Modified: 2026-04-02T19:20:05.580

Link: CVE-2025-43212

cve-icon Redhat

Severity : Important

Publid Date: 2025-08-01T00:00:00Z

Links: CVE-2025-43212 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T11:00:14Z

Weaknesses