CVE-2025-24150
Published: 27 January 2025
Summary
CVE-2025-24150 is a high-severity Command Injection (CWE-77) vulnerability in Apple Safari. Its CVSS base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Client Execution (T1203). Its exploit-likelihood ranking places it in the top 41.1% of CVEs, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly mitigates the command injection by installing the patched versions of Safari, iOS, iPadOS and macOS Sequoia, which carry the improved file handling in Web Inspector.
- SI-10 (Information Input Validation): prevents command injection by validating untrusted input, here a maliciously crafted URL copied from Web Inspector, before it reaches a command interpreter.
- Vulnerability scanning: detects the presence of CVE-2025-24150 by scanning for affected Apple software versions, so that patching happens promptly.
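The page does not state the exact path by which a copied URL reaches a command interpreter inside Web Inspector, so the following is a generic illustration of CWE-77 and of the SI-10 control above, added here as an example; it is not Safari's or Apple's code. `EVIL_URL`, `consumer`, `shquote` and `is_clean_url` are constructed names for this demonstration. It shows that a URL can carry shell metacharacters, that splicing it unquoted into a command string lets a command substitution run, and that either single-quoting the value or rejecting metacharacters outright neutralises it.

```shell
#!/bin/sh
# Added, generic CWE-77 illustration (not Apple's code): the page does not describe
# the real injection path, only that a copied URL can lead to command injection.

# Constructed attacker-controlled URL: the query string carries a command substitution.
EVIL_URL='https://example.com/a?q=$(echo INJECTED)'

# Stand-in for whatever consumes the copied URL; it just echoes the argument it received.
consumer() { printf '%s\n' "$*"; }

# Vulnerable pattern: the URL is spliced verbatim into a command string that is later evaluated.
build_unquoted() { printf 'consumer %s' "$1"; }

# Hardened pattern: single-quote the value, turning each embedded ' into '\'' so it cannot
# terminate the quoting. Inside single quotes no expansion or substitution happens.
shquote() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }
build_quoted() { printf 'consumer %s' "$(shquote "$1")"; }

# Input-validation variant (SI-10): refuse the value if it contains any shell metacharacter.
is_clean_url() {
    ! printf '%s' "$1" | grep -q "[\$\`;|&<>()'\"\\\\]"
}

# Evaluate both command strings against the same crafted input.
run_unquoted() { eval "$(build_unquoted "$EVIL_URL")"; }
run_quoted()   { eval "$(build_quoted "$EVIL_URL")"; }

# run_unquoted -> https://example.com/a?q=INJECTED           (the substitution executed)
# run_quoted   -> https://example.com/a?q=$(echo INJECTED)   (passed through literally)
```

Quoting fixes the consumer; validation fixes the producer. SI-10 asks for the latter, and in practice both belong together, because the producer rarely knows every context the copied string will be pasted into.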
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerable component is Safari, a client application, so exploitation maps to Exploitation for Client Execution (T1203); the injected payload is then executed by the Unix shell on the affected Apple platforms, which is Command and Scripting Interpreter: Unix Shell (T1059.004).
NVD Description
A privacy issue was addressed with improved handling of files. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. Copying a URL from Web Inspector may lead to command injection.
Deeper analysis
CVE-2025-24150 is a command injection vulnerability (CWE-77) in Safari's Web Inspector: copying a URL from Web Inspector can lead to command injection, and Apple describes the fix as improved handling of files. It affects Safari before 18.3, iOS and iPadOS before 18.3, and macOS Sequoia before 15.3. The CVSS v3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H): reachable over the network with low complexity and no privileges, but requiring user interaction, with high impact on confidentiality, integrity and availability and no scope change.
Exploitation needs no privileges but does need user interaction (UI:R): the target has to open Web Inspector on attacker-influenced content and copy the crafted URL. Because Web Inspector is a developer tool, the realistic victim population is narrower than for an ordinary drive-by browser bug; a successful injection, however, runs commands in that user's context and can compromise confidentiality, integrity and availability on the machine.
Apple's advisories confirm the fix, described as improved file handling, in Safari 18.3, iOS 18.3, iPadOS 18.3 and macOS Sequoia 15.3. Mitigation is to update to those versions; the advisories are at https://support.apple.com/en-us/122066, https://support.apple.com/en-us/122068 and https://support.apple.com/en-us/122074, with full-disclosure postings at http://seclists.org/fulldisclosure/2025/Jan/13 and http://seclists.org/fulldisclosure/2025/Jan/15. Since the vulnerable component is Web Inspector, developer workstations are the systems to prioritise when tracking this patch.
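A quick patch-status check for the versions named above, added here as an example and not Apple tooling. The fixed-version table is transcribed from the advisory text on this page; `version_ge`, `is_patched` and `report` are names chosen for this script. On a Mac it reads the live Safari and macOS versions with `defaults read` and `sw_vers`; elsewhere only the comparison functions run.

```shell
#!/bin/sh
# Added example (not Apple's tooling): compare installed versions with the fixed releases
# the advisory names for CVE-2025-24150 (Safari 18.3, iOS/iPadOS 18.3, macOS Sequoia 15.3).

# version_ge A B: succeed when dotted numeric version A is >= B. Missing fields count as 0,
# so 18.3 and 18.3.0 compare equal. Assumes purely numeric components, as Apple's are.
version_ge() {
    a="$1."
    b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# is_patched PRODUCT VERSION: 0 = at or above the fixed release, 1 = vulnerable,
# 2 = product not covered by this advisory. Leaves the threshold in $fixed for the caller.
is_patched() {
    case "$1" in
        safari)        fixed=18.3 ;;
        ios|ipados)    fixed=18.3 ;;
        macos-sequoia) fixed=15.3 ;;
        *)             return 2 ;;
    esac
    version_ge "$2" "$fixed"
}

# report PRODUCT VERSION: one-line verdict; exit status mirrors is_patched.
report() {
    rc=0
    is_patched "$1" "$2" || rc=$?
    case $rc in
        0) printf '%s %s: patched (fix in %s)\n' "$1" "$2" "$fixed" ;;
        1) printf '%s %s: VULNERABLE to CVE-2025-24150, update to %s\n' "$1" "$2" "$fixed" ;;
        *) printf '%s: not covered by this advisory\n' "$1" ;;
    esac
    return $rc
}

# Live check, only on macOS. The 15.3 threshold applies to Sequoia; on other macOS lines
# the advisory's Safari 18.3 fix is the one to check, so the Safari line is always reported.
if [ "$(uname -s 2>/dev/null)" = Darwin ]; then
    safari_ver=$(defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString 2>/dev/null || echo 0)
    report safari "$safari_ver" || true
    os_ver=$(sw_vers -productVersion)
    case "$os_ver" in 15.*) report macos-sequoia "$os_ver" || true ;; esac
fi
```

For fleet use, feed the same `report` function from an MDM inventory export instead of the live commands; the comparison logic is the part worth keeping, since string equality against "18.3" would wrongly flag 18.3.1 and later.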
Details
- CWE(s)