CVE-2025-43480

Description

The issue was addressed with improved checks. This issue is fixed in Safari 26.1, visionOS 26.1, watchOS 26.1, iOS 26.1 and iPadOS 26.1, tvOS 26.1. A malicious website may exfiltrate data cross-origin.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-04 | Updated 2025-11-04 | Assigner apple

Problem types

A malicious website may exfiltrate data cross-origin

Product status

References

support.apple.com/en-us/125640

support.apple.com/en-us/125637

support.apple.com/en-us/125638

support.apple.com/en-us/125639

support.apple.com/en-us/125632

cve.org (CVE-2025-43480)

nvd.nist.gov (CVE-2025-43480)

Download JSON