CVE-2025-24208Cross-site Scripting in Apple IOS AND Ipados

CWE-79Cross-site Scripting9 documents8 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 45.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple IOS AND IpadosApple SafariApple Ipados+1 more
Timeline
PublishedMar 31
Latest updateApr 14

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lead to a cross-site scripting attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages5 packages

CVEListV5apple/safari< 18.4
NVDapple/ipados< 18.4
NVDapple/safari< 18.4
CVEListV5apple/ios_and_ipados< 18.4
NVDapple/iphone_os< 18.4

🔴Vulnerability Details

3
GHSA
GHSA-vwcg-r7w2-v8qc: A permissions issue was addressed with additional restrictions2025-04-01
CVEList
CVE-2025-24208: A permissions issue was addressed with additional restrictions2025-03-31
OSV
CVE-2025-24208: A permissions issue was addressed with additional restrictions2025-03-31

📋Vendor Advisories

5
Ubuntu
WebKitGTK vulnerabilities2025-04-14
Red Hat
webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack2025-04-07
Apple
CVE-2025-24208: Safari 18.42025-03-31
Apple
CVE-2025-24208: iOS 18.4 and iPadOS 18.42025-03-31
Debian
CVE-2025-24208: webkit2gtk - A permissions issue was addressed with additional restrictions. This issue is fi...2025
CVE-2025-24208 — Cross-site Scripting in Apple | cvebase