CVE-2025-24167
Description
CVE-2025-24167 is a security vulnerability in Apple's Safari browser and operating systems that could allow a download's origin to be incorrectly associated. The issue was addressed by Apple through improved state management in Safari 18.4, iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4.
Impact
Exploitation of this vulnerability could lead to a download's origin being incorrectly associated, potentially allowing malicious websites to bypass security restrictions. The severity of this issue has been assessed as follows:
CISA-ADP assessment
CVSS v3.1 Base Score: 9.8 (Critical)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Has been exploited in the wild
No
Operating systems impacted
- iOS (prior to 18.4)
- iPadOS (prior to 18.4)
- macOS Sequoia (prior to 15.4)
Apps impacted
- Safari (prior to 18.4)
