CVE-2025-24201: Buffer Overflow
First published: Tue Mar 11 2025(Updated: )
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2, Safari 18.3.1. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
Credit: Apple product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| visionOS | <2.3.2 | |
| Apple iOS, iPadOS, and watchOS | <17.2 | |
| Apple iOS, iPadOS, and watchOS | <17.2 | |
| macOS | <15.3.2 | |
| visionOS | <2.3.2 | 2.3.2 |
| macOS | <15.3.2 | 15.3.2 |
| Apple iOS, iPadOS, and watchOS | <18.3.2 | 18.3.2 |
| Apple iOS, iPadOS, and watchOS | <18.3.2 | 18.3.2 |
| Apple Mobile Safari | <18.3.1 | 18.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2025-24201?
CVE-2025-24201 is considered a critical vulnerability due to its potential to allow unauthorized actions through an out-of-bounds write issue.
How do I fix CVE-2025-24201?
To mitigate CVE-2025-24201, upgrade to visionOS 2.3.2, iOS 18.3.2, iPadOS 18.3.2, or macOS Sequoia 15.3.2.
What software versions are affected by CVE-2025-24201?
CVE-2025-24201 affects versions of visionOS prior to 2.3.2, iOS prior to 18.3.2, iPadOS prior to 18.3.2, and macOS Sequoia prior to 15.3.2.
What type of attack can exploit CVE-2025-24201?
CVE-2025-24201 can be exploited through maliciously crafted web content allowing it to escape the Web Content sandbox.
Which Apple product requires an update to address CVE-2025-24201?
Apple products including visionOS, iOS, iPadOS, macOS Sequoia, and Safari require an update to address CVE-2025-24201.
- collector/mitre-cve
- source/MITRE
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/first-publish-date
- collector/apple-support
- source/Apple
- agent/author
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/description
- collector/the-register
- source/The Register
- alias/CVE-2025-24993
- alias/CVE-2025-24991
- alias/CVE-2025-24984
- alias/CVE-2025-24985
- alias/CVE-2025-24983
- alias/CVE-2025-26633
- alias/CVE-2025-24035
- alias/CVE-2025-24045
- alias/CVE-2025-26645
- alias/CVE-2025-24057
- alias/CVE-2025-24064
- alias/CVE-2025-24084
- alias/CVE-2025-26630
- alias/CVE-2025-24201
- alias/CVE-2024-50302
- alias/CVE-2024-43093
- agent/news-ai
- zeroday/true
- exploited/true
- agent/weakness
- agent/references
- agent/severity
- agent/source
- agent/event
- agent/tags
- agent/trending
- vendor/apple
- canonical/visionos
- canonical/apple ios, ipados, and watchos
- canonical/macos
- canonical/apple mobile safari