CVE-2025-24201CRITICAL 10.0CISA KEVEPSS p89.7%

CVE-2025-24201Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability

Apple / Multiple Products

Description

Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Scoring

CVSS 3.110.0 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS4.24% probability of exploitation · percentile 89.7% · 2026-06-18T12:00:27Z
Published2025-03-11
Last modified2026-04-03

CISA KEV entry

Added to KEV: 2025-03-13

Underlying weaknesses· 1

CWE-787

References

  1. https://support.apple.com/en-us/122281
  2. https://support.apple.com/en-us/122283
  3. https://support.apple.com/en-us/122284
  4. https://support.apple.com/en-us/122285
  5. https://support.apple.com/en-us/122345
  6. https://support.apple.com/en-us/122346
  7. https://support.apple.com/en-us/122372
  8. https://support.apple.com/en-us/122376

1

TypeTargetConfidenceTier
WeaknessOut-of-bounds Writecwe-7870%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryApple Multiple Products WebKit Out-of-Bounds Write Vulnerabilitykev-cve-2025-242010%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability
CVE
Apple Multiple Products WebKit Sandbox Escape Vulnerability
CVE
Apple Multiple Products WebKit Memory Corruption Vulnerability
CVE
Apple Multiple Products Use-After-Free WebKit Vulnerability
CVE
Apple iOS and macOS Out-of-Bounds Write Vulnerability
CVE
Apple Multiple Products WebKit Use-After-Free Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.