CVE-2025-31266 Apple — Exploit & Vulnerability Details MEDIUM

CVE-2025-31266

MEDIUM CVSS 3.1: 4.3 EPSS 0.03%

Parameter	Value
CVSS	4.3 (MEDIUM)
Affected Versions	before 18.5
Fixed In	18.5
Type	CWE-451
Vendor	Apple
Public PoC	No

A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

None

No data leak

Integrity

None

No data modification

Availability

Low

Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-451

Vulnerable Products 2

Configuration	From (including)	Up to (excluding)
Apple Safari cpe:2.3:a:apple:safari::::::::	—	`18.5`
Apple Macos cpe:2.3:o:apple:macos::::::::	—	`15.5`

References 2

https://support.apple.com/en-us/122716

product-security@apple.com

https://support.apple.com/en-us/122719

product-security@apple.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2025-43264

Apple

8.8

CVE-2025-43257

Apple

8.7

CVE-2025-43238

Apple

6.2

CVE-2025-43236

Apple

3.3

CVE-2025-43219

Apple

8.8

Menu

CVE-2025-31266

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 2

References 2

Related Vulnerabilities

CVE-2025-43264

CVE-2025-43257

CVE-2025-43238

CVE-2025-43236

CVE-2025-43219

CVE Details

Editor's Choice

Menu

CVE-2025-31266

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products 2

References 2

Related Vulnerabilities

CVE-2025-43264

CVE-2025-43257

CVE-2025-43238

CVE-2025-43236

CVE-2025-43219

CVE Details

Editor's Choice

Stay informed on cybersecurity