Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-24209 (GCVE-0-2025-24209)
Vulnerability from cvelistv5 – Published: 2025-03-31 22:23 – Updated: 2026-04-02 18:20
VLAI?
EPSS
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.
Severity ?
CWE
- Processing maliciously crafted web content may lead to an unexpected process crash
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T18:15:08.714331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T18:17:16.890Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:08:03.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/13"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/5"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/4"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/11"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:20:48.576Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122371"
},
{
"url": "https://support.apple.com/en-us/122372"
},
{
"url": "https://support.apple.com/en-us/122373"
},
{
"url": "https://support.apple.com/en-us/122376"
},
{
"url": "https://support.apple.com/en-us/122377"
},
{
"url": "https://support.apple.com/en-us/122379"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-24209",
"datePublished": "2025-03-31T22:23:39.898Z",
"dateReserved": "2025-01-17T00:00:45.001Z",
"dateUpdated": "2026-04-02T18:20:48.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-24209",
"date": "2026-05-22",
"epss": "0.00558",
"percentile": "0.68441"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-24209\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2025-03-31T23:15:18.870\",\"lastModified\":\"2026-04-02T19:19:19.297\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 un problema de desbordamiento de b\u00fafer mejorando la gesti\u00f3n de memoria. Este problema se solucion\u00f3 en tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 y iPadOS 18.4, y macOS Sequoia 15.4. El procesamiento de contenido web malintencionado puede provocar un bloqueo inesperado del proceso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.4\",\"matchCriteriaId\":\"45D15738-9AE3-4CB5-8755-A67F6E09EAC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.7.6\",\"matchCriteriaId\":\"687E67E4-136D-4154-BA6F-5ACA16254023\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"18.0\",\"versionEndExcluding\":\"18.4\",\"matchCriteriaId\":\"BAAF5169-C6A9-449A-B41F-2CB1801EBA4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.4\",\"matchCriteriaId\":\"0D9C73F9-FEF4-4FC1-B83D-56566AD35990\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.4\",\"matchCriteriaId\":\"1320B815-0457-4276-83B9-AFAFDAF17EDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.4\",\"matchCriteriaId\":\"8C61CCC2-87D3-4A3A-837B-63C48299A7AD\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/122371\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/122372\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/122373\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/122376\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/122377\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/122379\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2025/Apr/11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Apr/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Apr/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Apr/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Apr/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2025/Apr/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Apr/13\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Apr/8\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Apr/5\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Apr/4\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Apr/11\"}, {\"url\": \"http://seclists.org/fulldisclosure/2025/Apr/2\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:08:03.597Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-24209\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-01T18:15:08.714331Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-01T18:17:11.051Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"18.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"18.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.7.6\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"15.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"18.4\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"11.4\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/122371\"}, {\"url\": \"https://support.apple.com/en-us/122372\"}, {\"url\": \"https://support.apple.com/en-us/122373\"}, {\"url\": \"https://support.apple.com/en-us/122376\"}, {\"url\": \"https://support.apple.com/en-us/122377\"}, {\"url\": \"https://support.apple.com/en-us/122379\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to an unexpected process crash\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2026-04-02T18:20:48.576Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-24209\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-02T18:20:48.576Z\", \"dateReserved\": \"2025-01-17T00:00:45.001Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2025-03-31T22:23:39.898Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0258
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Apple indique que les vulnérabilités CVE-2025-24200 et CVE-2025-24201 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iPadOS | iPadOS versions antérieures à 17.7.6 | ||
| Apple | iOS | iOS versions antérieures à 18.4 | ||
| Apple | N/A | Xcode versions antérieures à 16.3 | ||
| Apple | iOS | iOS versions antérieures à 16.7.11 | ||
| Apple | visionOS | visionOS versions antérieures à 2.4 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.7.5 | ||
| Apple | tvOS | tvOS versions antérieures à 18.4 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.4 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.7.5 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.4 | ||
| Apple | iOS | iOS versions antérieures à 15.8.4 | ||
| Apple | iPadOS | iPadOS versions antérieures à 16.7.11 | ||
| Apple | iPadOS | iPadOS versions antérieures à 15.8.4 | ||
| Apple | Safari | Safari versions antérieures à 18.4 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.6",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 16.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 16.7.11",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 2.4",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 15.8.4",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 16.7.11",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 15.8.4",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24206"
},
{
"name": "CVE-2024-54508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54508"
},
{
"name": "CVE-2025-24205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24205"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2025-24266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24266"
},
{
"name": "CVE-2024-54502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54502"
},
{
"name": "CVE-2025-24273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24273"
},
{
"name": "CVE-2025-30425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30425"
},
{
"name": "CVE-2025-24200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24200"
},
{
"name": "CVE-2025-24228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24228"
},
{
"name": "CVE-2025-24210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24210"
},
{
"name": "CVE-2025-24265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24265"
},
{
"name": "CVE-2025-24260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24260"
},
{
"name": "CVE-2025-24249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24249"
},
{
"name": "CVE-2025-30455",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30455"
},
{
"name": "CVE-2025-30471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30471"
},
{
"name": "CVE-2025-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30465"
},
{
"name": "CVE-2025-24253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24253"
},
{
"name": "CVE-2025-30447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30447"
},
{
"name": "CVE-2025-30445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30445"
},
{
"name": "CVE-2025-24207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24207"
},
{
"name": "CVE-2025-24240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24240"
},
{
"name": "CVE-2025-24229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24229"
},
{
"name": "CVE-2025-24246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24246"
},
{
"name": "CVE-2025-24182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24182"
},
{
"name": "CVE-2025-24279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24279"
},
{
"name": "CVE-2025-24271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24271"
},
{
"name": "CVE-2025-30469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30469"
},
{
"name": "CVE-2025-24178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24178"
},
{
"name": "CVE-2025-30463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30463"
},
{
"name": "CVE-2025-30457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30457"
},
{
"name": "CVE-2025-24126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24126"
},
{
"name": "CVE-2025-24204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24204"
},
{
"name": "CVE-2025-24216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24216"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-30462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30462"
},
{
"name": "CVE-2025-30467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30467"
},
{
"name": "CVE-2025-24262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24262"
},
{
"name": "CVE-2025-24270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24270"
},
{
"name": "CVE-2025-24194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24194"
},
{
"name": "CVE-2025-24267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24267"
},
{
"name": "CVE-2025-24235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24235"
},
{
"name": "CVE-2025-24193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24193"
},
{
"name": "CVE-2025-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24281"
},
{
"name": "CVE-2025-24221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24221"
},
{
"name": "CVE-2025-24257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24257"
},
{
"name": "CVE-2025-31187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31187"
},
{
"name": "CVE-2025-30449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30449"
},
{
"name": "CVE-2025-24263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24263"
},
{
"name": "CVE-2025-24191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24191"
},
{
"name": "CVE-2025-30464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30464"
},
{
"name": "CVE-2025-30429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30429"
},
{
"name": "CVE-2025-24280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24280"
},
{
"name": "CVE-2025-30452",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30452"
},
{
"name": "CVE-2025-24085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24085"
},
{
"name": "CVE-2025-24203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24203"
},
{
"name": "CVE-2025-24247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24247"
},
{
"name": "CVE-2025-24211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24211"
},
{
"name": "CVE-2025-24198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24198"
},
{
"name": "CVE-2025-24131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24131"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-24164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24164"
},
{
"name": "CVE-2025-24255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24255"
},
{
"name": "CVE-2025-24283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24283"
},
{
"name": "CVE-2024-48958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48958"
},
{
"name": "CVE-2025-24170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24170"
},
{
"name": "CVE-2025-24093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24093"
},
{
"name": "CVE-2025-24173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24173"
},
{
"name": "CVE-2025-24218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24218"
},
{
"name": "CVE-2025-24097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24097"
},
{
"name": "CVE-2025-30435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30435"
},
{
"name": "CVE-2024-40864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40864"
},
{
"name": "CVE-2025-24157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24157"
},
{
"name": "CVE-2025-24278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24278"
},
{
"name": "CVE-2025-24264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24264"
},
{
"name": "CVE-2025-24172",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24172"
},
{
"name": "CVE-2025-30451",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30451"
},
{
"name": "CVE-2025-24212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24212"
},
{
"name": "CVE-2025-24252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24252"
},
{
"name": "CVE-2025-24199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24199"
},
{
"name": "CVE-2025-24239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24239"
},
{
"name": "CVE-2025-24139",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24139"
},
{
"name": "CVE-2025-24237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24237"
},
{
"name": "CVE-2025-24254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24254"
},
{
"name": "CVE-2025-24226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24226"
},
{
"name": "CVE-2025-24238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24238"
},
{
"name": "CVE-2025-30450",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30450"
},
{
"name": "CVE-2025-24192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24192"
},
{
"name": "CVE-2025-24236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24236"
},
{
"name": "CVE-2025-24167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24167"
},
{
"name": "CVE-2025-24232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24232"
},
{
"name": "CVE-2025-31194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31194"
},
{
"name": "CVE-2025-30458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30458"
},
{
"name": "CVE-2025-24261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24261"
},
{
"name": "CVE-2025-30424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30424"
},
{
"name": "CVE-2025-30430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30430"
},
{
"name": "CVE-2025-30444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30444"
},
{
"name": "CVE-2025-24282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24282"
},
{
"name": "CVE-2025-24256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24256"
},
{
"name": "CVE-2025-24259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24259"
},
{
"name": "CVE-2025-24181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24181"
},
{
"name": "CVE-2025-31197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31197"
},
{
"name": "CVE-2025-24233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24233"
},
{
"name": "CVE-2025-24241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24241"
},
{
"name": "CVE-2025-24215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24215"
},
{
"name": "CVE-2025-24214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24214"
},
{
"name": "CVE-2025-30439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30439"
},
{
"name": "CVE-2025-24113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24113"
},
{
"name": "CVE-2025-30460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30460"
},
{
"name": "CVE-2025-30434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30434"
},
{
"name": "CVE-2025-31192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31192"
},
{
"name": "CVE-2025-30428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30428"
},
{
"name": "CVE-2025-24196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24196"
},
{
"name": "CVE-2025-24242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24242"
},
{
"name": "CVE-2025-30438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30438"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2025-30437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30437"
},
{
"name": "CVE-2025-30432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30432"
},
{
"name": "CVE-2024-54533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54533"
},
{
"name": "CVE-2025-24129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24129"
},
{
"name": "CVE-2025-24217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24217"
},
{
"name": "CVE-2025-24272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24272"
},
{
"name": "CVE-2025-24213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24213"
},
{
"name": "CVE-2025-24095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24095"
},
{
"name": "CVE-2025-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30456"
},
{
"name": "CVE-2025-24209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24209"
},
{
"name": "CVE-2025-24276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24276"
},
{
"name": "CVE-2025-24179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24179"
},
{
"name": "CVE-2025-24208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24208"
},
{
"name": "CVE-2025-24190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24190"
},
{
"name": "CVE-2025-30441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30441"
},
{
"name": "CVE-2025-24248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24248"
},
{
"name": "CVE-2025-24243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24243"
},
{
"name": "CVE-2025-31191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31191"
},
{
"name": "CVE-2025-31184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31184"
},
{
"name": "CVE-2025-24245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24245"
},
{
"name": "CVE-2025-30470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30470"
},
{
"name": "CVE-2025-31182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31182"
},
{
"name": "CVE-2025-24251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24251"
},
{
"name": "CVE-2025-24195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24195"
},
{
"name": "CVE-2024-54543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54543"
},
{
"name": "CVE-2025-24250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24250"
},
{
"name": "CVE-2025-24234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24234"
},
{
"name": "CVE-2025-24180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24180"
},
{
"name": "CVE-2025-24177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24177"
},
{
"name": "CVE-2025-30454",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30454"
},
{
"name": "CVE-2025-30461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30461"
},
{
"name": "CVE-2025-24244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24244"
},
{
"name": "CVE-2025-24230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24230"
},
{
"name": "CVE-2025-24148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24148"
},
{
"name": "CVE-2025-24163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24163"
},
{
"name": "CVE-2025-24231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24231"
},
{
"name": "CVE-2025-24277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24277"
},
{
"name": "CVE-2025-24269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24269"
},
{
"name": "CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"name": "CVE-2025-24201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24201"
},
{
"name": "CVE-2025-31188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31188"
},
{
"name": "CVE-2025-24202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24202"
},
{
"name": "CVE-2025-30446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30446"
},
{
"name": "CVE-2025-30433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30433"
},
{
"name": "CVE-2025-30443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30443"
},
{
"name": "CVE-2025-30426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30426"
},
{
"name": "CVE-2025-30427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30427"
},
{
"name": "CVE-2025-31183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31183"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0258",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-01T00:00:00.000000"
},
{
"description": "Ajout de multiples identifiants CVE.",
"revision_date": "2025-04-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nApple indique que les vuln\u00e9rabilit\u00e9s CVE-2025-24200 et CVE-2025-24201 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122378",
"url": "https://support.apple.com/en-us/122378"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122371",
"url": "https://support.apple.com/en-us/122371"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122380",
"url": "https://support.apple.com/en-us/122380"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122379",
"url": "https://support.apple.com/en-us/122379"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122345",
"url": "https://support.apple.com/en-us/122345"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122373",
"url": "https://support.apple.com/en-us/122373"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122372",
"url": "https://support.apple.com/en-us/122372"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122377",
"url": "https://support.apple.com/en-us/122377"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122346",
"url": "https://support.apple.com/en-us/122346"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122374",
"url": "https://support.apple.com/en-us/122374"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122375",
"url": "https://support.apple.com/en-us/122375"
}
]
}
CERTFR-2025-AVI-0938
Vulnerability from certfr_avis - Published: 2025-10-30 - Updated: 2025-10-30
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu pour Postgres versions antérieures à 4.3.1 sur Kubernetes | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 6.31.0 | ||
| VMware | Tanzu | Tanzu pour Postgres versions antérieures à 13.22.0, 14.19.0, 15.14.0, 16.10.0 et 17.6.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 7.6.0 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Postgres versions ant\u00e9rieures \u00e0 4.3.1 sur Kubernetes",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.31.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions ant\u00e9rieures \u00e0 13.22.0, 14.19.0, 15.14.0, 16.10.0 et 17.6.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 7.6.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2022-39176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39176"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2023-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
},
{
"name": "CVE-2021-38593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38593"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2020-26557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26557"
},
{
"name": "CVE-2019-25059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25059"
},
{
"name": "CVE-2024-46951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46951"
},
{
"name": "CVE-2025-31273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31273"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2025-32913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32913"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2022-39177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39177"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-2720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2720"
},
{
"name": "CVE-2024-46956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46956"
},
{
"name": "CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2024-46953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46953"
},
{
"name": "CVE-2025-24216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24216"
},
{
"name": "CVE-2025-43212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43212"
},
{
"name": "CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"name": "CVE-2025-24150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24150"
},
{
"name": "CVE-2021-45078",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
},
{
"name": "CVE-2023-2222",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2222"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2784"
},
{
"name": "CVE-2022-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4055"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2024-44192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44192"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-2723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2723"
},
{
"name": "CVE-2025-31278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31278"
},
{
"name": "CVE-2020-26559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26559"
},
{
"name": "CVE-2023-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46751"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-2724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2724"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2022-30294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30294"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-43368",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43368"
},
{
"name": "CVE-2023-52355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52355"
},
{
"name": "CVE-2024-46954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46954"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2020-26556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26556"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2005-2541",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2541"
},
{
"name": "CVE-2021-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
},
{
"name": "CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2025-32914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32914"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2025-43343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43343"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-43272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43272"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-6558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2025-32906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32906"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2020-26560",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26560"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-43216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43216"
},
{
"name": "CVE-2023-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2004"
},
{
"name": "CVE-2025-52194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52194"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2023-24607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24607"
},
{
"name": "CVE-2025-24209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24209"
},
{
"name": "CVE-2024-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0444"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2017-17973",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17973"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-43342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43342"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-32049",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32049"
},
{
"name": "CVE-2025-4948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4948"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2024-4453",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4453"
},
{
"name": "CVE-2025-31257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31257"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-11021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11021"
},
{
"name": "CVE-2023-1579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1579"
},
{
"name": "CVE-2024-46952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46952"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-7345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7345"
},
{
"name": "CVE-2025-30427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30427"
},
{
"name": "CVE-2025-32911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32911"
}
],
"initial_release_date": "2025-10-30T00:00:00",
"last_revision_date": "2025-10-30T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0938",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-10-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36277",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36277"
},
{
"published_at": "2025-10-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36284",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36284"
},
{
"published_at": "2025-10-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36281",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36281"
},
{
"published_at": "2025-10-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36282",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36282"
},
{
"published_at": "2025-10-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36283",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36283"
}
]
}
CERTFR-2025-AVI-0258
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.
Apple indique que les vulnérabilités CVE-2025-24200 et CVE-2025-24201 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | iPadOS | iPadOS versions antérieures à 17.7.6 | ||
| Apple | iOS | iOS versions antérieures à 18.4 | ||
| Apple | N/A | Xcode versions antérieures à 16.3 | ||
| Apple | iOS | iOS versions antérieures à 16.7.11 | ||
| Apple | visionOS | visionOS versions antérieures à 2.4 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.7.5 | ||
| Apple | tvOS | tvOS versions antérieures à 18.4 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.4 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.7.5 | ||
| Apple | iPadOS | iPadOS versions antérieures à 18.4 | ||
| Apple | iOS | iOS versions antérieures à 15.8.4 | ||
| Apple | iPadOS | iPadOS versions antérieures à 16.7.11 | ||
| Apple | iPadOS | iPadOS versions antérieures à 15.8.4 | ||
| Apple | Safari | Safari versions antérieures à 18.4 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.6",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 16.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 16.7.11",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 2.4",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 15.8.4",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 16.7.11",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 15.8.4",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 18.4",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-24206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24206"
},
{
"name": "CVE-2024-54508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54508"
},
{
"name": "CVE-2025-24205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24205"
},
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2025-24266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24266"
},
{
"name": "CVE-2024-54502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54502"
},
{
"name": "CVE-2025-24273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24273"
},
{
"name": "CVE-2025-30425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30425"
},
{
"name": "CVE-2025-24200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24200"
},
{
"name": "CVE-2025-24228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24228"
},
{
"name": "CVE-2025-24210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24210"
},
{
"name": "CVE-2025-24265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24265"
},
{
"name": "CVE-2025-24260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24260"
},
{
"name": "CVE-2025-24249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24249"
},
{
"name": "CVE-2025-30455",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30455"
},
{
"name": "CVE-2025-30471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30471"
},
{
"name": "CVE-2025-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30465"
},
{
"name": "CVE-2025-24253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24253"
},
{
"name": "CVE-2025-30447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30447"
},
{
"name": "CVE-2025-30445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30445"
},
{
"name": "CVE-2025-24207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24207"
},
{
"name": "CVE-2025-24240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24240"
},
{
"name": "CVE-2025-24229",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24229"
},
{
"name": "CVE-2025-24246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24246"
},
{
"name": "CVE-2025-24182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24182"
},
{
"name": "CVE-2025-24279",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24279"
},
{
"name": "CVE-2025-24271",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24271"
},
{
"name": "CVE-2025-30469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30469"
},
{
"name": "CVE-2025-24178",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24178"
},
{
"name": "CVE-2025-30463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30463"
},
{
"name": "CVE-2025-30457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30457"
},
{
"name": "CVE-2025-24126",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24126"
},
{
"name": "CVE-2025-24204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24204"
},
{
"name": "CVE-2025-24216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24216"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2025-30462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30462"
},
{
"name": "CVE-2025-30467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30467"
},
{
"name": "CVE-2025-24262",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24262"
},
{
"name": "CVE-2025-24270",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24270"
},
{
"name": "CVE-2025-24194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24194"
},
{
"name": "CVE-2025-24267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24267"
},
{
"name": "CVE-2025-24235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24235"
},
{
"name": "CVE-2025-24193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24193"
},
{
"name": "CVE-2025-24281",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24281"
},
{
"name": "CVE-2025-24221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24221"
},
{
"name": "CVE-2025-24257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24257"
},
{
"name": "CVE-2025-31187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31187"
},
{
"name": "CVE-2025-30449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30449"
},
{
"name": "CVE-2025-24263",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24263"
},
{
"name": "CVE-2025-24191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24191"
},
{
"name": "CVE-2025-30464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30464"
},
{
"name": "CVE-2025-30429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30429"
},
{
"name": "CVE-2025-24280",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24280"
},
{
"name": "CVE-2025-30452",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30452"
},
{
"name": "CVE-2025-24085",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24085"
},
{
"name": "CVE-2025-24203",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24203"
},
{
"name": "CVE-2025-24247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24247"
},
{
"name": "CVE-2025-24211",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24211"
},
{
"name": "CVE-2025-24198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24198"
},
{
"name": "CVE-2025-24131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24131"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2025-24164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24164"
},
{
"name": "CVE-2025-24255",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24255"
},
{
"name": "CVE-2025-24283",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24283"
},
{
"name": "CVE-2024-48958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48958"
},
{
"name": "CVE-2025-24170",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24170"
},
{
"name": "CVE-2025-24093",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24093"
},
{
"name": "CVE-2025-24173",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24173"
},
{
"name": "CVE-2025-24218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24218"
},
{
"name": "CVE-2025-24097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24097"
},
{
"name": "CVE-2025-30435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30435"
},
{
"name": "CVE-2024-40864",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40864"
},
{
"name": "CVE-2025-24157",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24157"
},
{
"name": "CVE-2025-24278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24278"
},
{
"name": "CVE-2025-24264",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24264"
},
{
"name": "CVE-2025-24172",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24172"
},
{
"name": "CVE-2025-30451",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30451"
},
{
"name": "CVE-2025-24212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24212"
},
{
"name": "CVE-2025-24252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24252"
},
{
"name": "CVE-2025-24199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24199"
},
{
"name": "CVE-2025-24239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24239"
},
{
"name": "CVE-2025-24139",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24139"
},
{
"name": "CVE-2025-24237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24237"
},
{
"name": "CVE-2025-24254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24254"
},
{
"name": "CVE-2025-24226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24226"
},
{
"name": "CVE-2025-24238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24238"
},
{
"name": "CVE-2025-30450",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30450"
},
{
"name": "CVE-2025-24192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24192"
},
{
"name": "CVE-2025-24236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24236"
},
{
"name": "CVE-2025-24167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24167"
},
{
"name": "CVE-2025-24232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24232"
},
{
"name": "CVE-2025-31194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31194"
},
{
"name": "CVE-2025-30458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30458"
},
{
"name": "CVE-2025-24261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24261"
},
{
"name": "CVE-2025-30424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30424"
},
{
"name": "CVE-2025-30430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30430"
},
{
"name": "CVE-2025-30444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30444"
},
{
"name": "CVE-2025-24282",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24282"
},
{
"name": "CVE-2025-24256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24256"
},
{
"name": "CVE-2025-24259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24259"
},
{
"name": "CVE-2025-24181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24181"
},
{
"name": "CVE-2025-31197",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31197"
},
{
"name": "CVE-2025-24233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24233"
},
{
"name": "CVE-2025-24241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24241"
},
{
"name": "CVE-2025-24215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24215"
},
{
"name": "CVE-2025-24214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24214"
},
{
"name": "CVE-2025-30439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30439"
},
{
"name": "CVE-2025-24113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24113"
},
{
"name": "CVE-2025-30460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30460"
},
{
"name": "CVE-2025-30434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30434"
},
{
"name": "CVE-2025-31192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31192"
},
{
"name": "CVE-2025-30428",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30428"
},
{
"name": "CVE-2025-24196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24196"
},
{
"name": "CVE-2025-24242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24242"
},
{
"name": "CVE-2025-30438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30438"
},
{
"name": "CVE-2025-27113",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
},
{
"name": "CVE-2025-30437",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30437"
},
{
"name": "CVE-2025-30432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30432"
},
{
"name": "CVE-2024-54533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54533"
},
{
"name": "CVE-2025-24129",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24129"
},
{
"name": "CVE-2025-24217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24217"
},
{
"name": "CVE-2025-24272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24272"
},
{
"name": "CVE-2025-24213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24213"
},
{
"name": "CVE-2025-24095",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24095"
},
{
"name": "CVE-2025-30456",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30456"
},
{
"name": "CVE-2025-24209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24209"
},
{
"name": "CVE-2025-24276",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24276"
},
{
"name": "CVE-2025-24179",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24179"
},
{
"name": "CVE-2025-24208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24208"
},
{
"name": "CVE-2025-24190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24190"
},
{
"name": "CVE-2025-30441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30441"
},
{
"name": "CVE-2025-24248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24248"
},
{
"name": "CVE-2025-24243",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24243"
},
{
"name": "CVE-2025-31191",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31191"
},
{
"name": "CVE-2025-31184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31184"
},
{
"name": "CVE-2025-24245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24245"
},
{
"name": "CVE-2025-30470",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30470"
},
{
"name": "CVE-2025-31182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31182"
},
{
"name": "CVE-2025-24251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24251"
},
{
"name": "CVE-2025-24195",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24195"
},
{
"name": "CVE-2024-54543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54543"
},
{
"name": "CVE-2025-24250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24250"
},
{
"name": "CVE-2025-24234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24234"
},
{
"name": "CVE-2025-24180",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24180"
},
{
"name": "CVE-2025-24177",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24177"
},
{
"name": "CVE-2025-30454",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30454"
},
{
"name": "CVE-2025-30461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30461"
},
{
"name": "CVE-2025-24244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24244"
},
{
"name": "CVE-2025-24230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24230"
},
{
"name": "CVE-2025-24148",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24148"
},
{
"name": "CVE-2025-24163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24163"
},
{
"name": "CVE-2025-24231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24231"
},
{
"name": "CVE-2025-24277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24277"
},
{
"name": "CVE-2025-24269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24269"
},
{
"name": "CVE-2024-54534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-54534"
},
{
"name": "CVE-2025-24201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24201"
},
{
"name": "CVE-2025-31188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31188"
},
{
"name": "CVE-2025-24202",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24202"
},
{
"name": "CVE-2025-30446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30446"
},
{
"name": "CVE-2025-30433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30433"
},
{
"name": "CVE-2025-30443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30443"
},
{
"name": "CVE-2025-30426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30426"
},
{
"name": "CVE-2025-30427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30427"
},
{
"name": "CVE-2025-31183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31183"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0258",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-01T00:00:00.000000"
},
{
"description": "Ajout de multiples identifiants CVE.",
"revision_date": "2025-04-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nApple indique que les vuln\u00e9rabilit\u00e9s CVE-2025-24200 et CVE-2025-24201 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122378",
"url": "https://support.apple.com/en-us/122378"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122371",
"url": "https://support.apple.com/en-us/122371"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122380",
"url": "https://support.apple.com/en-us/122380"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122379",
"url": "https://support.apple.com/en-us/122379"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122345",
"url": "https://support.apple.com/en-us/122345"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122373",
"url": "https://support.apple.com/en-us/122373"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122372",
"url": "https://support.apple.com/en-us/122372"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122377",
"url": "https://support.apple.com/en-us/122377"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122346",
"url": "https://support.apple.com/en-us/122346"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122374",
"url": "https://support.apple.com/en-us/122374"
},
{
"published_at": "2025-03-31",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122375",
"url": "https://support.apple.com/en-us/122375"
}
]
}
CERTFR-2025-AVI-0938
Vulnerability from certfr_avis - Published: 2025-10-30 - Updated: 2025-10-30
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu | Tanzu pour Postgres versions antérieures à 4.3.1 sur Kubernetes | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 6.31.0 | ||
| VMware | Tanzu | Tanzu pour Postgres versions antérieures à 13.22.0, 14.19.0, 15.14.0, 16.10.0 et 17.6.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions antérieures à 7.6.0 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu pour Postgres versions ant\u00e9rieures \u00e0 4.3.1 sur Kubernetes",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.31.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres versions ant\u00e9rieures \u00e0 13.22.0, 14.19.0, 15.14.0, 16.10.0 et 17.6.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 7.6.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-6395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2025-8715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
},
{
"name": "CVE-2022-39176",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39176"
},
{
"name": "CVE-2025-9231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
},
{
"name": "CVE-2023-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
},
{
"name": "CVE-2021-38593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38593"
},
{
"name": "CVE-2025-5222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5222"
},
{
"name": "CVE-2020-26557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26557"
},
{
"name": "CVE-2019-25059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25059"
},
{
"name": "CVE-2024-46951",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46951"
},
{
"name": "CVE-2025-31273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31273"
},
{
"name": "CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"name": "CVE-2025-32913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32913"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2022-39177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39177"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-2720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2720"
},
{
"name": "CVE-2024-46956",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46956"
},
{
"name": "CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"name": "CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"name": "CVE-2024-46953",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46953"
},
{
"name": "CVE-2025-24216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24216"
},
{
"name": "CVE-2025-43212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43212"
},
{
"name": "CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"name": "CVE-2025-24150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24150"
},
{
"name": "CVE-2021-45078",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
},
{
"name": "CVE-2023-2222",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2222"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-2784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2784"
},
{
"name": "CVE-2022-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4055"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2022-44840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
},
{
"name": "CVE-2024-44192",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44192"
},
{
"name": "CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"name": "CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-2723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2723"
},
{
"name": "CVE-2025-31278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31278"
},
{
"name": "CVE-2020-26559",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26559"
},
{
"name": "CVE-2023-46751",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46751"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-2724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2724"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2022-30294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30294"
},
{
"name": "CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"name": "CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"name": "CVE-2025-43368",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43368"
},
{
"name": "CVE-2023-52355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52355"
},
{
"name": "CVE-2024-46954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46954"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2025-9232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
},
{
"name": "CVE-2020-26556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26556"
},
{
"name": "CVE-2025-8713",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
},
{
"name": "CVE-2025-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
},
{
"name": "CVE-2005-2541",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2541"
},
{
"name": "CVE-2021-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
},
{
"name": "CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"name": "CVE-2024-52533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
},
{
"name": "CVE-2025-32914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32914"
},
{
"name": "CVE-2021-32256",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
},
{
"name": "CVE-2025-43343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43343"
},
{
"name": "CVE-2025-32990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
},
{
"name": "CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
},
{
"name": "CVE-2025-32989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2025-43272",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43272"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-6558",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6558"
},
{
"name": "CVE-2025-8714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
},
{
"name": "CVE-2025-32906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32906"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2020-26560",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26560"
},
{
"name": "CVE-2025-32988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2025-43216",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43216"
},
{
"name": "CVE-2023-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2004"
},
{
"name": "CVE-2025-52194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52194"
},
{
"name": "CVE-2025-6021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
},
{
"name": "CVE-2023-24607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24607"
},
{
"name": "CVE-2025-24209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24209"
},
{
"name": "CVE-2024-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0444"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2017-17973",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17973"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-43342",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43342"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2025-32049",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32049"
},
{
"name": "CVE-2025-4948",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4948"
},
{
"name": "CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"name": "CVE-2024-4453",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4453"
},
{
"name": "CVE-2025-31257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31257"
},
{
"name": "CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2025-11021",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11021"
},
{
"name": "CVE-2023-1579",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1579"
},
{
"name": "CVE-2024-46952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46952"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
},
{
"name": "CVE-2025-7345",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7345"
},
{
"name": "CVE-2025-30427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30427"
},
{
"name": "CVE-2025-32911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32911"
}
],
"initial_release_date": "2025-10-30T00:00:00",
"last_revision_date": "2025-10-30T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0938",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-10-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36277",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36277"
},
{
"published_at": "2025-10-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36284",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36284"
},
{
"published_at": "2025-10-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36281",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36281"
},
{
"published_at": "2025-10-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36282",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36282"
},
{
"published_at": "2025-10-29",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36283",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36283"
}
]
}
alsa-2025:3713
Vulnerability from osv_almalinux
Published
2025-04-08 00:00
Modified
2025-04-09 08:21
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44192)
- webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-54467)
- webkitgtk: Processing web content may lead to a denial-of-service (CVE-2024-54551)
- webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack (CVE-2025-24208)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-24209)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-24216)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-30427)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el9_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. \n\nSecurity Fix(es): \n\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44192)\n * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-54467)\n * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2024-54551)\n * webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack (CVE-2025-24208)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-24209)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-24216)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-30427)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:3713",
"modified": "2025-04-09T08:21:19Z",
"published": "2025-04-08T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:3713"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-44192"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-54467"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-54551"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-24208"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-24209"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-24216"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30427"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2353871"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2353872"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357909"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357910"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357911"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357917"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357919"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-3713.html"
}
],
"related": [
"CVE-2024-44192",
"CVE-2024-54467",
"CVE-2024-54551",
"CVE-2025-24208",
"CVE-2025-24209",
"CVE-2025-24216",
"CVE-2025-30427"
],
"summary": "Important: webkit2gtk3 security update"
}
alsa-2025:3974
Vulnerability from osv_almalinux
Published
2025-04-17 00:00
Modified
2025-04-21 07:46
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44192)
- webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-54467)
- webkitgtk: Processing web content may lead to a denial-of-service (CVE-2024-54551)
- webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack (CVE-2025-24208)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-24209)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-24216)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-30427)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. \n\nSecurity Fix(es): \n\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44192)\n * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-54467)\n * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2024-54551)\n * webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack (CVE-2025-24208)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-24209)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-24216)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-30427)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:3974",
"modified": "2025-04-21T07:46:50Z",
"published": "2025-04-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:3974"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-44192"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-54467"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-54551"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-24208"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-24209"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-24216"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30427"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2353871"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2353872"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357909"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357910"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357911"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357917"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357919"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-3974.html"
}
],
"related": [
"CVE-2024-44192",
"CVE-2024-54467",
"CVE-2024-54551",
"CVE-2025-24208",
"CVE-2025-24209",
"CVE-2025-24216",
"CVE-2025-30427"
],
"summary": "Important: webkit2gtk3 security update"
}
alsa-2025:7387
Vulnerability from osv_almalinux
Published
2025-05-13 00:00
Modified
2025-05-21 06:12
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44192)
- webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-54467)
- webkitgtk: Processing web content may lead to a denial-of-service (CVE-2024-54551)
- webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack (CVE-2025-24208)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-24209)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-24216)
- webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-30427)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el9_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el9_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el9_6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.48.1-1.el9_6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. \n\nSecurity Fix(es): \n\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2024-44192)\n * webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2024-54467)\n * webkitgtk: Processing web content may lead to a denial-of-service (CVE-2024-54551)\n * webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack (CVE-2025-24208)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-24209)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-24216)\n * webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-30427)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:7387",
"modified": "2025-05-21T06:12:52Z",
"published": "2025-05-13T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:7387"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-44192"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-54467"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-54551"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-24208"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-24209"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-24216"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-30427"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2353871"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2353872"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357909"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357910"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357911"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357917"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2357919"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-7387.html"
}
],
"related": [
"CVE-2024-44192",
"CVE-2024-54467",
"CVE-2024-54551",
"CVE-2025-24208",
"CVE-2025-24209",
"CVE-2025-24216",
"CVE-2025-30427"
],
"summary": "Important: webkit2gtk3 security update"
}
BDU:2025-04771
Vulnerability from fstec - Published: 31.03.2025
VLAI Severity ?
Title
Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю оказать воздействие на конфиденциальность, целость и доступность защищаемой информации
Description
Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit связана с копированием буфера без проверки размера входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, оказать воздействие на конфиденциальность, целость и доступность защищаемой информации путем обработки или загрузки специально созданного веб-контента
Severity ?
Vendor
Red Hat Inc., Novell Inc., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Fedora Project, Apple Inc.
Software Name
Red Hat Enterprise Linux, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, Suse Linux Enterprise Server, OpenSUSE Leap, Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), SUSE Liberty Linux, Fedora, iOS, iPadOS, MacOS, tvOS, Safari, WebKitGTK, WPE WebKit
Software Version
7 (Red Hat Enterprise Linux), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 8 (Red Hat Enterprise Linux), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 15 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP2 (Suse Linux Enterprise Desktop), 12 SP2 (Suse Linux Enterprise Server), 15-LTSS (Suse Linux Enterprise Server), 12 SP4-ESPOS (Suse Linux Enterprise Server), 12 SP4-LTSS (Suse Linux Enterprise Server), 15 SP1-BCL (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 15.3 (OpenSUSE Leap), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 15 SP2 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Server), 15 SP2-BCL (Suse Linux Enterprise Server), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 9 (Red Hat Enterprise Linux), 15 SP2-LTSS (Suse Linux Enterprise Server), 15 SP1 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Desktop), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP3-BCL (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 9 (SUSE Liberty Linux), 9.2 Extended Update Support (Red Hat Enterprise Linux), 15 SP4-LTSS (Suse Linux Enterprise Server), 41 (Fedora), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 1.8 (Astra Linux Special Edition), 12 SP5-LTSS (Suse Linux Enterprise Server), 12 SP5 LTSS Extended Security (Suse Linux Enterprise Server), 9.4 Extended Update Support (Red Hat Enterprise Linux), 15 SP5-LTSS (Suse Linux Enterprise Server), до 18.4 (iOS), до 18.4 (iPadOS), Sequoia до 15.4 (MacOS), до 18.4 (tvOS), до 18.4 (Safari), до 17.7.6 (iPadOS), 42 (Fedora), до 2.48.1 (WebKitGTK), до 2.48.1 (WPE WebKit)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года
Использование рекомендаций:
Для WebKitGTK и WPE WebKit:
https://webkitgtk.org/security/WSA-2025-0003.html
Для программных продуктов Apple:
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122379
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2025-24209
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2025-24209
Для программных продуктов Novell Inc.:
https://www.suse.com/security/cve/CVE-2025-24209.html
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2324X5FF4NP73LLTFFGCOIJKPFCQ672/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATMMGYV5L6TKIZ7F3BLSRRXF4TRQ4YZZ/
Для ОС Astra Linux:
обновить пакет webkit2gtk до 2.48.3-1~deb12u1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18
Для ОС Astra Linux:
обновить пакет webkit2gtk до 2.48.5-1.astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17
Для ОС Astra Linux:
обновить пакет webkit2gtk до 2.48.5-1.astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47
Reference
https://webkitgtk.org/security/WSA-2025-0003.html
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122379
https://access.redhat.com/security/cve/cve-2025-24209
https://security-tracker.debian.org/tracker/CVE-2025-24209
https://www.suse.com/security/cve/CVE-2025-24209.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2324X5FF4NP73LLTFFGCOIJKPFCQ672/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATMMGYV5L6TKIZ7F3BLSRRXF4TRQ4YZZ/
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47
CWE
CWE-120
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, Apple Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP2 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (SUSE Linux Enterprise Server for SAP Applications), 12 SP4 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 8 (Red Hat Enterprise Linux), 12 SP2-BCL (Suse Linux Enterprise Server), 12 SP2-ESPOS (Suse Linux Enterprise Server), 15 (SUSE Linux Enterprise Server for SAP Applications), 15 SP1 (SUSE Linux Enterprise Server for SAP Applications), 12 SP2-LTSS (Suse Linux Enterprise Server), 12 SP3-LTSS (Suse Linux Enterprise Server), 12 SP3-BCL (Suse Linux Enterprise Server), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Server for SAP Applications), 12 SP3-ESPOS (Suse Linux Enterprise Server), 12 SP2 (Suse Linux Enterprise Desktop), 12 SP2 (Suse Linux Enterprise Server), 15-LTSS (Suse Linux Enterprise Server), 12 SP4-ESPOS (Suse Linux Enterprise Server), 12 SP4-LTSS (Suse Linux Enterprise Server), 15 SP1-BCL (Suse Linux Enterprise Server), 15 SP1-LTSS (Suse Linux Enterprise Server), 15.3 (OpenSUSE Leap), 15 SP1 (Suse Linux Enterprise Server), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 15 SP3 (Suse Linux Enterprise Server), 15 SP3 (SUSE Linux Enterprise Server for SAP Applications), 15 SP3 (Suse Linux Enterprise Desktop), 15 SP2 (Suse Linux Enterprise Server), 15 SP2 (SUSE Linux Enterprise Server for SAP Applications), 15 SP2 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Server), 15 SP2-BCL (Suse Linux Enterprise Server), 15 SP4 (SUSE Linux Enterprise Server for SAP Applications), 9 (Red Hat Enterprise Linux), 15 SP2-LTSS (Suse Linux Enterprise Server), 15 SP1 (Suse Linux Enterprise Desktop), 15 (Suse Linux Enterprise Desktop), 15 SP3-LTSS (Suse Linux Enterprise Server), 15 SP3-BCL (Suse Linux Enterprise Server), 15 SP5 (SUSE Linux Enterprise Server for SAP Applications), 9 (SUSE Liberty Linux), 9.2 Extended Update Support (Red Hat Enterprise Linux), 15 SP4-LTSS (Suse Linux Enterprise Server), 41 (Fedora), 15 SP6 (Suse Linux Enterprise Desktop), 15 SP6 (Suse Linux Enterprise Server), 15 SP6 (SUSE Linux Enterprise Server for SAP Applications), 1.8 (Astra Linux Special Edition), 12 SP5-LTSS (Suse Linux Enterprise Server), 12 SP5 LTSS Extended Security (Suse Linux Enterprise Server), 9.4 Extended Update Support (Red Hat Enterprise Linux), 15 SP5-LTSS (Suse Linux Enterprise Server), \u0434\u043e 18.4 (iOS), \u0434\u043e 18.4 (iPadOS), Sequoia \u0434\u043e 15.4 (MacOS), \u0434\u043e 18.4 (tvOS), \u0434\u043e 18.4 (Safari), \u0434\u043e 17.7.6 (iPadOS), 42 (Fedora), \u0434\u043e 2.48.1 (WebKitGTK), \u0434\u043e 2.48.1 (WPE WebKit)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f WebKitGTK \u0438 WPE WebKit:\nhttps://webkitgtk.org/security/WSA-2025-0003.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apple:\nhttps://support.apple.com/en-us/122371\nhttps://support.apple.com/en-us/122372\nhttps://support.apple.com/en-us/122373\nhttps://support.apple.com/en-us/122377\nhttps://support.apple.com/en-us/122379\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2025-24209\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-24209\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2025-24209.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2324X5FF4NP73LLTFFGCOIJKPFCQ672/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATMMGYV5L6TKIZ7F3BLSRRXF4TRQ4YZZ/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.48.3-1~deb12u1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.48.5-1.astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.48.5-1.astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "31.03.2025",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.10.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.04.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-04771",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-24209",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Server for SAP Applications, Suse Linux Enterprise Server, OpenSUSE Leap, Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), SUSE Liberty Linux, Fedora, iOS, iPadOS, MacOS, tvOS, Safari, WebKitGTK, WPE WebKit",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , Novell Inc. Suse Linux Enterprise Desktop 12 SP3 , Novell Inc. Suse Linux Enterprise Desktop 12 SP4 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP4 , Novell Inc. Suse Linux Enterprise Server 12 SP3 , Novell Inc. Suse Linux Enterprise Server 12 SP4 , Red Hat Inc. Red Hat Enterprise Linux 8 , Novell Inc. Suse Linux Enterprise Server 12 SP2-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP2-ESPOS , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP1 , Novell Inc. Suse Linux Enterprise Server 12 SP2-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP3-BCL , Novell Inc. Suse Linux Enterprise Server 12 SP5 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 12 SP5 , Novell Inc. Suse Linux Enterprise Server 12 SP3-ESPOS , Novell Inc. Suse Linux Enterprise Desktop 12 SP2 , Novell Inc. Suse Linux Enterprise Server 12 SP2 , Novell Inc. Suse Linux Enterprise Server 15-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP4-ESPOS , Novell Inc. Suse Linux Enterprise Server 12 SP4-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP1-BCL , Novell Inc. Suse Linux Enterprise Server 15 SP1-LTSS , Novell Inc. OpenSUSE Leap 15.3 , Novell Inc. Suse Linux Enterprise Server 15 SP1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Server 15 SP3 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3 , Novell Inc. Suse Linux Enterprise Desktop 15 SP3 , Novell Inc. Suse Linux Enterprise Server 15 SP2 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP2 , Novell Inc. Suse Linux Enterprise Desktop 15 SP2 , Novell Inc. Suse Linux Enterprise Server 15 , Novell Inc. Suse Linux Enterprise Server 15 SP2-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4 , Red Hat Inc. Red Hat Enterprise Linux 9 , Novell Inc. Suse Linux Enterprise Server 15 SP2-LTSS , Novell Inc. Suse Linux Enterprise Desktop 15 SP1 , Novell Inc. Suse Linux Enterprise Desktop 15 , Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS , Novell Inc. Suse Linux Enterprise Server 15 SP3-BCL , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5 , Novell Inc. SUSE Liberty Linux 9 , Red Hat Inc. Red Hat Enterprise Linux 9.2 Extended Update Support , Novell Inc. Suse Linux Enterprise Server 15 SP4-LTSS , Fedora Project Fedora 41 , Novell Inc. Suse Linux Enterprise Desktop 15 SP6 , Novell Inc. Suse Linux Enterprise Server 15 SP6 , Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. Suse Linux Enterprise Server 12 SP5-LTSS , Novell Inc. Suse Linux Enterprise Server 12 SP5 LTSS Extended Security , Red Hat Inc. Red Hat Enterprise Linux 9.4 Extended Update Support , Novell Inc. Suse Linux Enterprise Server 15 SP5-LTSS , Apple Inc. iOS \u0434\u043e 18.4 , Apple Inc. iPadOS \u0434\u043e 18.4 , Apple Inc. MacOS Sequoia \u0434\u043e 15.4 , Apple Inc. tvOS \u0434\u043e 18.4 , Apple Inc. iPadOS \u0434\u043e 17.7.6 , Fedora Project Fedora 42 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0438\u043b\u0438 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0432\u0435\u0431-\u043a\u043e\u043d\u0442\u0435\u043d\u0442\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://webkitgtk.org/security/WSA-2025-0003.html\nhttps://support.apple.com/en-us/122371\nhttps://support.apple.com/en-us/122372\nhttps://support.apple.com/en-us/122373\nhttps://support.apple.com/en-us/122377\nhttps://support.apple.com/en-us/122379\nhttps://access.redhat.com/security/cve/cve-2025-24209\nhttps://security-tracker.debian.org/tracker/CVE-2025-24209\nhttps://www.suse.com/security/cve/CVE-2025-24209.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y2324X5FF4NP73LLTFFGCOIJKPFCQ672/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ATMMGYV5L6TKIZ7F3BLSRRXF4TRQ4YZZ/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0811SE18\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0923SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1020SE47",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-120",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
FKIE_CVE-2025-24209
Vulnerability from fkie_nvd - Published: 2025-03-31 23:15 - Updated: 2026-04-02 19:19
Severity ?
Summary
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122371 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122372 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122373 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122376 | ||
| product-security@apple.com | https://support.apple.com/en-us/122377 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122379 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Apr/11 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Apr/13 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Apr/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Apr/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Apr/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2025/Apr/8 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45D15738-9AE3-4CB5-8755-A67F6E09EAC5",
"versionEndExcluding": "18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "687E67E4-136D-4154-BA6F-5ACA16254023",
"versionEndExcluding": "17.7.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAF5169-C6A9-449A-B41F-2CB1801EBA4B",
"versionEndExcluding": "18.4",
"versionStartIncluding": "18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990",
"versionEndExcluding": "18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1320B815-0457-4276-83B9-AFAFDAF17EDA",
"versionEndExcluding": "15.4",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C61CCC2-87D3-4A3A-837B-63C48299A7AD",
"versionEndExcluding": "18.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected process crash."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de desbordamiento de b\u00fafer mejorando la gesti\u00f3n de memoria. Este problema se solucion\u00f3 en tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 y iPadOS 18.4, y macOS Sequoia 15.4. El procesamiento de contenido web malintencionado puede provocar un bloqueo inesperado del proceso."
}
],
"id": "CVE-2025-24209",
"lastModified": "2026-04-02T19:19:19.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-03-31T23:15:18.870",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/122371"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/122372"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/122373"
},
{
"source": "product-security@apple.com",
"url": "https://support.apple.com/en-us/122376"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/122377"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/122379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Apr/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Apr/13"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Apr/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Apr/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Apr/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2025/Apr/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-J8GC-8GRP-VFFR
Vulnerability from github – Published: 2025-04-01 00:30 – Updated: 2026-04-02 21:32
VLAI?
Details
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.
Severity ?
7.0 (High)
{
"affected": [],
"aliases": [
"CVE-2025-24209"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-31T23:15:18Z",
"severity": "HIGH"
},
"details": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Processing maliciously crafted web content may lead to an unexpected process crash.",
"id": "GHSA-j8gc-8grp-vffr",
"modified": "2026-04-02T21:32:13Z",
"published": "2025-04-01T00:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24209"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122371"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122372"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122373"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122376"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122377"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/122379"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Apr/11"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Apr/13"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Apr/2"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Apr/4"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Apr/5"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2025/Apr/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…