CVE-2025-24201 – This critical vulnerability allows malicious we... (How to Fix)

Q: What is the severity of CVE-2025-24201?

CVE-2025-24201 has a CVSS score of 10.0 (CRITICAL). This critical vulnerability allows malicious web content to break out of the Web Content sandbox via an out-of-bounds write issue, potentially enabling arbitrary code execution. It affects Apple devices running vulnerable versions of iOS, iPadOS, macOS, visionOS, watchOS, and Safari. Apple has confirmed this may have been exploited in sophisticated targeted attacks.

📋 TL;DR

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via an out-of-bounds write issue, potentially enabling arbitrary code execution. It affects Apple devices running vulnerable versions of iOS, iPadOS, macOS, visionOS, watchOS, and Safari. Apple has confirmed this may have been exploited in sophisticated targeted attacks.

💻 Affected Systems

Products:

iOS
iPadOS
macOS
visionOS
watchOS
Safari

Versions: Versions before iOS 17.2 and specific vulnerable versions listed in advisory

Operating Systems: iOS, iPadOS, macOS, visionOS, watchOS

Default Config Vulnerable: ⚠️ Yes

Notes: This is a supplementary fix for an attack blocked in iOS 17.2, but affects multiple older versions that received separate patches.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Safari by Apple

View all CVEs affecting Safari →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary code, access sensitive data, and maintain persistence on affected Apple devices.

🟠

Likely Case

Targeted exploitation against specific individuals to bypass security sandboxes and gain elevated privileges on compromised devices.

🟢

If Mitigated

Limited impact if devices are fully patched and web content filtering is implemented, though zero-day exploitation risk existed before patches.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: HIGH

Apple confirms this may have been exploited in extremely sophisticated attacks against specific targeted individuals before iOS 17.2.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: visionOS 2.3.2, iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1, watchOS 11.4, iPadOS 17.7.6, iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, iPadOS 15.8.4

Vendor Advisory: https://support.apple.com/en-us/122281

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/visionOS. 2. Install available updates. 3. For macOS, go to System Settings > General > Software Update. 4. For Safari, update through macOS Software Update or App Store.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript in Safari to mitigate web-based exploitation vectors

Use alternative browser

all

Use browsers not based on WebKit until patches are applied

🧯 If You Can't Patch

Isolate affected devices from untrusted networks and web content
Implement strict web content filtering and network segmentation

🔍 How to Verify

Check if Vulnerable:

Check device version against affected versions list in Apple advisory

Check Version:

iOS/iPadOS: Settings > General > About > Version. macOS: Apple menu > About This Mac > macOS version. Safari: Safari menu > About Safari

Verify Fix Applied:

Verify device is running patched version from fix_official section

📡 Detection & Monitoring

Log Indicators:

Unusual Safari/WebKit process behavior
Sandbox violation logs
Unexpected privilege escalation

Network Indicators:

Suspicious web content loading patterns
Connections to known malicious domains

SIEM Query:

process_name:"Safari" OR process_name:"WebKit" AND (event_type:"sandbox_violation" OR privilege_change:"escalation")

📊 Metadata

CVE ID: CVE-2025-24201

CVSS v3 Score: 10.0 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-787

EPSS Score: 0.07% exploit probability (20.9th percentile)

CISA KEV: Actively Exploited added Mar 13, 2025

Published: March 11, 2025

Last Updated: November 14, 2025

🔗 References

https://support.apple.com/en-us/122281 Release Notes,Vendor Advisory
https://support.apple.com/en-us/122283 Release Notes,Vendor Advisory
https://support.apple.com/en-us/122284 Release Notes,Vendor Advisory
https://support.apple.com/en-us/122285 Release Notes,Vendor Advisory
https://support.apple.com/en-us/122345 Release Notes,Vendor Advisory
https://support.apple.com/en-us/122346 Release Notes,Vendor Advisory
https://support.apple.com/en-us/122372 Release Notes,Vendor Advisory
https://support.apple.com/en-us/122376 Release Notes,Vendor Advisory
http://seclists.org/fulldisclosure/2025/Apr/16 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2025/Apr/7 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2025/Jun/19 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2025/Mar/2 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2025/Mar/3 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2025/Mar/4 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2025/Mar/5 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2025/Oct/1 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2025/Oct/31 Mailing List,Third Party Advisory
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201 Third Party Advisory
https://github.com/cisagov/vulnrichment/issues/194 Issue Tracking
https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html Mailing List
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24201 US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-24201, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Debian Linux by Debian

Ipados by Apple

Ipados by Apple

Ipados by Apple

Ipados by Apple

Iphone Os by Apple

Iphone Os by Apple

Iphone Os by Apple

Macos by Apple

Safari by Apple

Visionos by Apple

Watchos by Apple

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable JavaScript

Use alternative browser

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities