CVE-2025-24201 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-03-11

Added to CISA KEV: 2025-03-13 2 DAYS BETWEEN CVE AND KEV

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Immediately update to patched versions: iOS 18.3.2+, macOS 15.3.2+, Safari 18.3.1+, visionOS 2.3.2+, watchOS 11.4+
Monitor for suspicious web activity and unexpected application behavior on Apple devices
Consider temporary browsing restrictions for high-value targets until patches are applied
CRITICAL priority for all Apple device updates due to active exploitation

CVE-2025-24201 is a security vulnerability in Apple's WebKit that allows an attacker to escape the Web Content sandbox ^[1] ^[2].

Feature	Description
Vulnerability Type	Out-of-bounds write in web content processing ^[2]
Exploitation	Actively exploited in the wild in highly sophisticated, targeted attacks ^[1] ^[3]
Method	Remote exploitation via maliciously crafted web content ^[2]
Impact	Sandbox escape and potential arbitrary code execution on the device ^[2]
Status	Included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog ^[1]

Active Exploitation & Threat Actors: Apple has acknowledged reports that this vulnerability was exploited in extremely sophisticated attacks against specific, targeted individuals on versions of iOS prior to 17.2 ^[1]. It is not associated with broad ransomware campaigns, but rather high-end, targeted exploitation ^[3].
Exploitation Requirements: The attack is remote and relies on the victim processing maliciously crafted web content ^[2].
Proof-of-Concept: While the vulnerability has been exploited in the wild, there is no widespread public availability of a proof-of-concept (PoC) exploit tool for general use.
Patch Status: This vulnerability was addressed as a supplementary fix for an attack previously blocked in iOS 17.2 ^[1]. Users are strongly advised to ensure their Apple devices are updated to the latest available software versions to mitigate this and other security risks ^[3].

CVE-2025-24201 Detail - NVD
Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple ... This CVE is in CISA's Known Exploited Vulnerabilities Catalog Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for…
CVE-2025-24201 - Exploits & Severity - Feedly
Summary. An out-of-bounds write vulnerability in web content processing that could allow attackers to break out of the Web Content sandbox. This is a supplementary fix for a previously blocked attack in iOS 17.2, with indications that it may have been exploited in a sophisticated targeted attack. Im…
CVE-2025-24056 - Exploits & Severity - Feedly
Feedly estimated the CVSS as HIGH based on the CVE details, attack complexity, and exploit information. ... A zero-day vulnerability (CVE-2025-24201) in Apple s WebKit has been actively exploited, highlighting advanced targeting of Apple products with complex techniques, underscoring the urgency of…

🟢 CVE-2025-24201