CVE-2025-24180

HIGH Year: 2025
CVSS v3 Score
8.1
High
Weakness Type
CWE-601
View all →

Vulnerability Description

The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix.

Related Vulnerabilities

CVE-2016-5385

HIGH
CVSS:8.1(High)

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY envir...

CWE-6012016

CVE-2018-1251

HIGH
CVSS:8.1(High)

Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unit...

CWE-6012018

CVE-2018-13813

HIGH
CVSS:8.1(High)

A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mob...

CWE-6012018

CVE-2022-20764

HIGH
CVSS:8.1(High)

Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) conditi...

CWE-6012022

CVE-2023-25734

HIGH
CVSS:8.1(High)

After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This ...

CWE-6012023

CVE-2024-22243

HIGH
CVSS:8.1(High)

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open ...

CWE-6012024