CVE-2025-43526

CVSS 9.8 CRITICALEPSS 0.5%CWE-601

This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Apple · macOS Apple · Safari

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://support.apple.com/en-us/125886 https://support.apple.com/en-us/125892