exploitDog

CVE-2025-43526

Опубликовано: 17 дек. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.

Ссылки

https://support.apple.com/en-us/125886
Release Notes
Vendor Advisory
https://support.apple.com/en-us/125892
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Версия до 26.2 (исключая)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия до 26.2 (исключая)

EPSS

Процентиль: 17%

0.00055

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-601

Связанные уязвимости

GHSA-338x-j9c9-2c8v

CVSS3: 9.8

github

около 2 месяцев назад

This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.

EPSS

Процентиль: 17%

0.00055

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-601