{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43227", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.090Z", "datePublished": "2025-07-29T23:35:48.809Z", "dateUpdated": "2025-11-04T21:10:33.360Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may disclose sensitive user information"}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "18.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "15.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "18.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "2.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "11.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "18.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information."}], "references": [{"url": "https://support.apple.com/en-us/124152"}, {"url": "https://support.apple.com/en-us/124149"}, {"url": "https://support.apple.com/en-us/124153"}, {"url": "https://support.apple.com/en-us/124154"}, {"url": "https://support.apple.com/en-us/124155"}, {"url": "https://support.apple.com/en-us/124147"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-07-30T22:57:07.879Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-359", "lang": "en", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-30T17:25:06.272786Z", "id": "CVE-2025-43227", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T17:25:36.449Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"}, {"url": "http://seclists.org/fulldisclosure/2025/Aug/0"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/36"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/35"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/32"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/30"}, {"url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:10:33.360Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"}, {"url": "http://seclists.org/fulldisclosure/2025/Aug/0"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/36"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/35"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/32"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/30"}, {"url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:10:33.360Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43227", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-30T17:25:06.272786Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T17:24:40.430Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "2.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "11.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.6", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/124152"}, {"url": "https://support.apple.com/en-us/124149"}, {"url": "https://support.apple.com/en-us/124153"}, {"url": "https://support.apple.com/en-us/124154"}, {"url": "https://support.apple.com/en-us/124155"}, {"url": "https://support.apple.com/en-us/124147"}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing maliciously crafted web content may disclose sensitive user information"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-07-30T22:57:07.879Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43227", "state": "PUBLISHED", "dateUpdated": "2025-11-04T21:10:33.360Z", "dateReserved": "2025-04-16T15:24:37.090Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-07-29T23:35:48.809Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "969AD7A8-5CCF-4607-BBE8-E06E642A170C", "versionEndExcluding": "18.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ED4015E-C707-4A91-86B3-23100E0DFA8F", "versionEndExcluding": "18.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD9D42A7-DE2A-4D5A-8C7B-002A60148483", "versionEndExcluding": "18.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "077E4BB7-4A8B-4D18-BCD7-2938A2B8B9C8", "versionEndExcluding": "15.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBC1698A-3E9C-4055-B23A-13A3C22BD6EE", "versionEndExcluding": "18.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EADBC0BD-ECAC-4E0A-B490-24649AFE5355", "versionEndExcluding": "2.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "35D9C2D7-6120-4631-8D0B-259641DFD85B", "versionEndExcluding": "11.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information."}, {"lang": "es", "value": "Este problema se solucion\u00f3 mejorando la gesti\u00f3n de estado. Est\u00e1 corregido en iOS 18.6 y iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6 y visionOS 2.6. El procesamiento de contenido web manipulado con fines malintencionados puede revelar informaci\u00f3n confidencial del usuario."}], "id": "CVE-2025-43227", "lastModified": "2025-11-04T22:16:13.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-30T00:15:34.803", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124147"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124149"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124152"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124153"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124154"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Aug/0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jul/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jul/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jul/35"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jul/36"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "webkitgtk: Processing maliciously crafted web content may disclose sensitive user information", "id": "2386274", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386274"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-359", "details": ["This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, visionOS 2.6. Processing maliciously crafted web content may disclose sensitive user information."], "name": "CVE-2025-43227", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-08-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-43227\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-43227\nhttps://webkitgtk.org/security/WSA-2025-0005.html"], "threat_severity": "Moderate"}

{"created": "2025-07-30T10:13:59.966007+00:00", "updated": "2025-07-30T10:13:59.966100+00:00", "vendors": ["apple", "apple$PRODUCT$ios", "apple$PRODUCT$ipados", "apple$PRODUCT$macos", "apple$PRODUCT$macos_sequoia", "apple$PRODUCT$tvos", "apple$PRODUCT$visionos", "apple$PRODUCT$watchos"]}