CVE-2025-24180

CVE Database · CVE-2025-24180

CVE-2025-24180

· HIGHModified

CVSS v3.1

8.1

EPSS

0.91%

Published

Mar 31, 2025

Modified

Apr 2, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-601

Affected Products (5)

apple · safari (up to 18.4)vulnerable

apple · ipados (up to 18.4)vulnerable

apple · iphone_os (up to 18.4)vulnerable

apple · macos (up to 15.4)vulnerable

apple · visionos (up to 2.3)vulnerable

References (10)

https://support.apple.com/en-us/122371