CVE-2025-31254 | THREATINT

Description

This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.

PUBLISHED Reserved 2025-03-27 | Published 2025-09-15 | Updated 2025-09-16 | Assigner apple

Problem types

Processing maliciously crafted web content may lead to unexpected URL redirection

Product status

Any version before 26

affected

Any version before 26

affected

References

support.apple.com/en-us/125108

support.apple.com/en-us/125113

cve.org (CVE-2025-31254)

nvd.nist.gov (CVE-2025-31254)

Download JSON