CVE-2025-24150Command Injection in Apple IOS AND Ipados

CWE-77Command Injection11 documents8 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 45.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple IOS AND IpadosApple MacosApple Safari+2 more
Timeline
PublishedJan 27
Latest updateFeb 20

Description

A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Copying a URL from Web Inspector may lead to command injection.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

CVEListV5apple/macos< 15.3
NVDapple/macos< 15.3
CVEListV5apple/safari< 18.3
NVDapple/ipados< 18.3
NVDapple/safari< 18.3

🔴Vulnerability Details

4
GHSA
GHSA-qmjg-q5x7-48p2: A privacy issue was addressed with improved handling of files2025-01-28
OSV
CVE-2025-24150: A privacy issue was addressed with improved handling of files2025-01-27
OSV
CVE-2025-24150: A privacy issue was addressed with improved handling of files2025-01-27
CVEList
CVE-2025-24150: A privacy issue was addressed with improved handling of files2025-01-27

📋Vendor Advisories

6
Ubuntu
WebKitGTK vulnerabilities2025-02-20
Red Hat
webkitgtk: Copying a URL from Web Inspector may lead to command injection2025-01-27
Apple
CVE-2025-24150: macOS Sequoia 15.32025-01-27
Apple
CVE-2025-24150: Safari 18.32025-01-27
Apple
CVE-2025-24150: iOS 18.3 and iPadOS 18.32025-01-27
CVE-2025-24150 — Command Injection in Apple | cvebase