CVE-2025-30427

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

INFO

Published Date :

2025-03-31T22:24:24.350Z

Last Modified :

2026-04-02T18:26:48.583Z

Source :

apple

AFFECTED PRODUCTS

The following products are affected by CVE-2025-30427 vulnerability.

Vendors	Products
Apple	Ipados Iphone Os Macos Safari Tvos Visionos
Redhat	Enterprise Linux Openshift Devspaces Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30427.

URL	Resource
http://seclists.org/fulldisclosure/2025/Apr/11
http://seclists.org/fulldisclosure/2025/Apr/12
http://seclists.org/fulldisclosure/2025/Apr/13
http://seclists.org/fulldisclosure/2025/Apr/2
http://seclists.org/fulldisclosure/2025/Apr/4
http://seclists.org/fulldisclosure/2025/Apr/5
http://seclists.org/fulldisclosure/2025/Apr/8
https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html
https://nvd.nist.gov/vuln/detail/CVE-2025-30427
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122376
https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122378
https://support.apple.com/en-us/122379
https://webkitgtk.org/security/WSA-2025-0003.html
https://www.cve.org/CVERecord?id=CVE-2025-30427

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact