CVERadar

CVE-2025-24201

Critical Severity
SVRS: 77/100
CVSSv3: 8.8/10
EPSS: 0.00191/1

CVE-2025-24201 is a critical out-of-bounds write vulnerability affecting Apple's visionOS, iOS, iPadOS, macOS, and Safari. This flaw allows maliciously crafted web content to potentially escape the Web Content sandbox, leading to unauthorized actions. Patches are available in visionOS 2.3.2, iOS/iPadOS 18.3.2, macOS Sequoia 15.3.2, and Safari 18.3.1.

While the CVSS score is 8.8, SOCRadar's Vulnerability Risk Score (SVRS) assigns a score of 77, indicating a high risk level approaching criticality. This vulnerability is especially significant because active exploits are known to exist and exploitation has been observed in the wild. It poses a substantial threat to targeted individuals, making prompt patching essential to mitigate potential exploits and system compromise.

In The Wild | CISA KEV | Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2025-03-11

2025-03-20

Indicators of Compromise

No IOCs found for this CVE

Exploits

| Title | Software Link | Date |
| --- | --- | --- |
| Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability | https://www.cisa.gov/search?g=CVE-2025-24201 | 2025-03-13 |

News

7th April – Threat Intelligence Report - Check Point Software
2025-04-07
For the latest discoveries in cyber research for the week of 7th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The second-largest bar association in the US, The State Bar of Texas, has experienced a ransomware attack that resulted in unauthorized access to its network, exposing sensitive member information including full names and legal case documents. The INC ransomware gang claimed responsibility for the attack and has already leaked samples of stolen files. Check Point Threat Emulation provides protection against this threat (Ransomware.Wins.INC) Port of Seattle
google.com

Apple backported fixes for three actively exploited flaws to older devices
Pierluigi Paganini, 2025-04-02
Apple backports three critical vulnerabilities actively exploited in attacks against older iOS and macOS models. Apple has backported fixes for three actively exploited vulnerabilities to older devices and OS versions. The three vulnerabilities are: Apple released the following updates: that are available for the following devices:
securityaffairs.co

Apple issues fixes for vulnerabilities in both old and new OS versions
Matt Kapko, 2025-04-01
The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities. Apple released security updates Monday to address software defects in the latest version of the company’s Safari browser
cyberscoop.com

Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks
Kaaviya, 2025-04-01
Apple has issued an urgent security advisory concerning three critical zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 that have been actively exploited in sophisticated attacks. These vulnerabilities affect a wide range of Apple devices, including iPhones, iPads, Macs, and other platforms. Users are strongly advised to update their devices immediately to mitigate potential security risks. Significant […]
cybersecuritynews.com

Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st)
2025-03-31
Today, Apple released updates across all its products: iOS, iPadOS, macOS, tvOS, visionOS, Safari, and XCode. WatchOS was interestingly missing from the patch lineup. This is a feature update for the operating systems, but we get patches for 145 different vulnerabilities in addition to new features. This update includes a patch for CVE-2025-24200 and CVE-2025-24201, two already exploited iOS vulnerabilities, for older iOS/iPadOS versions. Current versions received this patch a few weeks ago.
sans.edu

⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Ajit Jasrotia, 2025-03-17
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week’s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source repositories […]
allhackernews.com

Stable Channel Update for Desktop
Srinivas Sista, 2025-03-16
The Stable channel has been updated to 134.0.6998.88/.89 for Windows, Mac and 134.0.6998.88
blogger.com

Social Media

🚨 Apple fixes critical WebKit zero-day vulnerability, CVE-2025-24201, used in sophisticated attacks! 🛡️ Organizations, update your Apple devices NOW to protect against exploits. Stay proactive and secure your digital assets! #CyberSecurity #ZeroDay https://t.co/fmmkM4JyYS
🚨 Old iPhones, new threats. Apple just patched 3 exploited zero-days and yes, even your dusty iPhone 6s is getting a fix. 🛡️ What's at stake? • CVE-2025-24201 (CVSS 8.8): Malicious web content breaking free from Safari’s sandbox • CVE-2025-24085 (7.3): Apps hijacking system https://t.co/OSXUIdXAru
In April 2025, Apple issued an urgent security advisory highlighting three critical zero-day vulnerabilities—CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085—actively exploited in attacks. These flaws threaten the security of millions. https://t.co/FJ33OUjBqo
This update is critical as it includes fixes for two already exploited iOS vulnerabilities, CVE-2025-24200 and CVE-2025-24201. The fact that these vulnerabilities were previously exploited underscores the urgency of applying these updates to safeguard your devices.
The CVE-2025-24201 is a WebKit flaw that let attackers escape the browser sandbox—basically breaking out of a secure container to run malicious code. Update your devices to iOS 18.3.2 & macOS 15.3.2
Apple fixes actively exploited security flaws in older systems: the vulnerabilities CVE-2025-24200 and CVE-2025-24201 were mitigated in March in iOS and iPadOS 18.3.1. Now the company is applying the fix to versions 15.8.4 and 16.7.11 of the same systems. The
🔔 @AppleSecurity Update 🔔 Apple has disclosed three zero-day vulnerabilities (CVE-2025-24200, CVE-2025-24201 & CVE-2025-24085) that have been actively exploited. Users are advised to update their devices. 🔗 More info: https://t.co/OP7vrMTm8K @CyberHubs_EU #CyberSecurity #
Apple backported fixes for three zero-day flaws (CVE-2025-24200, CVE-2025-24201, CVE-2025-24085) exploited in attacks on older iOS, iPadOS, & macOS versions. Learn about these vulnerabilities, their exploitation methods, & how to detect and mitigate them: https://t.co/Q5UZuxNBI6 https://t.co/jgjjB2t3ZX
Apple has issued security updates backporting fixes for zero-day vulnerabilities CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085 to older OS versions. Additionally, updates for the latest iOS, iPadOS, macOS, Safari, and Xcode have been released. #apple #updates https://t.co/F4bvjP83xW
Apple has issued a security advisory for three critical zero-day vulnerabilities: CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085, actively exploited in sophisticated attacks. https://t.co/k6mI9Cnca0

Affected Software

No affected software found for this CVE

References

| Reference | Link |
| --- | --- |
| [email protected] | https://support.apple.com/en-us/122281 |
| [email protected] | https://support.apple.com/en-us/122283 |
| [email protected] | https://support.apple.com/en-us/122284 |
| [email protected] | https://support.apple.com/en-us/122285 |
| AF854A3A-2127-422B-91AE-364DA2661108 | http://seclists.org/fulldisclosure/2025/Mar/2 |
| AF854A3A-2127-422B-91AE-364DA2661108 | http://seclists.org/fulldisclosure/2025/Mar/3 |
| AF854A3A-2127-422B-91AE-364DA2661108 | http://seclists.org/fulldisclosure/2025/Mar/4 |
| AF854A3A-2127-422B-91AE-364DA2661108 | http://seclists.org/fulldisclosure/2025/Mar/5 |

CWE Details

| CWE ID | CWE Name | Description |
| --- | --- | --- |
| CWE-787 | Out-of-bounds Write | The software writes data past the end, or before the beginning, of the intended buffer. |
