CVE-2025-30425

Published Mar 31, 2025

Last updated 24 days ago

CVSS medium 4.3

Overview

Description: This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. A malicious website may be able to track users in Safari private browsing mode.
Source: product-security@apple.com
NVD status: Modified
Products: safari, ipados, iphone_os, macos, tvos

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "45D15738-9AE3-4CB5-8755-A67F6E09EAC5",
            "versionEndExcluding": "18.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "687E67E4-136D-4154-BA6F-5ACA16254023",
            "versionEndExcluding": "17.7.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BAAF5169-C6A9-449A-B41F-2CB1801EBA4B",
            "versionEndExcluding": "18.4",
            "versionStartIncluding": "18.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990",
            "versionEndExcluding": "18.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "1320B815-0457-4276-83B9-AFAFDAF17EDA",
            "versionEndExcluding": "15.4",
            "versionStartIncluding": "15.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8C61CCC2-87D3-4A3A-837B-63C48299A7AD",
            "versionEndExcluding": "18.4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References