AI description
CVE-2025-30466 is a security vulnerability affecting Apple Safari and related operating systems, including Safari 18.4, iOS 18.4, iPadOS 18.4, visionOS 2.4, and macOS Sequoia 15.4. Discovered by Jaydev Ahire and @RenwaX23, it was publicly disclosed on May 28, 2025. The vulnerability stems from a state management issue in Safari's handling of web content. This vulnerability allows a website to bypass the Same Origin Policy, a security mechanism that prevents websites from accessing data from other domains. Exploitation could lead to cross-site scripting attacks, data theft, and unauthorized access to sensitive information from other websites. Apple has addressed this issue through improved state management in the updated versions of Safari, iOS, iPadOS, visionOS, and macOS.
- Description: This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. A website may be able to bypass Same Origin Policy.
- Source: product-security@apple.com
- NVD status: Analyzed
- Products: safari, ipados, iphone_os, macos, visionos
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-346
- Hype score: Not currently trending
The security researcher who reported a critical vulnerability in Safari to Apple received only $1000 for it. Vulnerability CVE-2025-30466, which Apple rated as crit
@aaplpro
1 Aug 2025
1/ Researcher RenwaX23 found a critical vulnerability in Safari (CVE-2025-30466). Apple rated it 9.8/10 and paid out $1000. A hacker could impersonate the user, obtaining
@habr_com
1 Aug 2025
The generosity of the darling of millions ❤️ 💸 Apple paid $1000 for a serious vulnerability in Safari. A security researcher named RenwaX23 discovered a very serious vulnerability in the Safari browser. Apple rated it 9.8 out of 10 in terms of
@altmemy199
1 Aug 2025
Excited to share that I’ve been credited with my second CVE from Apple! CVE-2025-30466 The vulnerability allows a website to bypass the Same Origin Policy, one of the core security mechanisms used to protect user data and isolate web content. https://t.co/NqyLUyQ6sh
@minacrissDev_
12 Jun 2025
CVE-2025-30466: Safari <18.4 UXSS to bypass Same-Origin Policy with CVSS of Critical 9.8 🔴 ;) https://t.co/VyYEoj3L3G
@RenwaX23
4 Jun 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45D15738-9AE3-4CB5-8755-A67F6E09EAC5",
            "versionEndExcluding": "18.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B3450F7-7B4A-46CE-A6E0-BBE6569F2EBF",
            "versionEndExcluding": "18.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990",
            "versionEndExcluding": "18.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3BD0A90-23F1-430A-8119-E14055F7E621",
            "versionEndExcluding": "15.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E82603D7-A630-4B9B-9C51-880667F05EC7",
            "versionEndExcluding": "2.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]