Description
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Apple | Safari | affected |
|
||||||
| Apple | iOS and iPadOS | affected |
|
||||||
| Apple | macOS | affected |
|
||||||
| Apple | tvOS | affected |
|
||||||
| Apple | visionOS | affected |
|
||||||
| Apple | watchOS | affected |
|
Configuration 1 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | |||
| webkitgtk4-0:2.48.3-2.el7_9 | cpe:/o:redhat:rhel_els:7 | RHSA-2025:10364 | 2025-07-07T00:00:00Z |
| Red Hat Enterprise Linux 8 | |||
| webkit2gtk3-0:2.48.1-1.el8_10 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2025:3974 | 2025-04-17T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | |||
| webkit2gtk3-0:2.48.1-2.el8_2 | cpe:/a:redhat:rhel_aus:8.2 | RHSA-2025:8194 | 2025-05-27T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | |||
| webkit2gtk3-0:2.48.1-2.el8_4 | cpe:/a:redhat:rhel_aus:8.4 | RHSA-2025:8064 | 2025-05-21T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | |||
| webkit2gtk3-0:2.48.1-2.el8_4 | cpe:/a:redhat:rhel_tus:8.4 | RHSA-2025:8064 | 2025-05-21T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | |||
| webkit2gtk3-0:2.48.1-2.el8_4 | cpe:/a:redhat:rhel_e4s:8.4 | RHSA-2025:8064 | 2025-05-21T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | |||
| webkit2gtk3-0:2.48.1-2.el8_6 | cpe:/a:redhat:rhel_aus:8.6 | RHSA-2025:8066 | 2025-05-21T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | |||
| webkit2gtk3-0:2.48.1-2.el8_6 | cpe:/a:redhat:rhel_tus:8.6 | RHSA-2025:8066 | 2025-05-21T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | |||
| webkit2gtk3-0:2.48.1-2.el8_6 | cpe:/a:redhat:rhel_e4s:8.6 | RHSA-2025:8066 | 2025-05-21T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Extended Update Support | |||
| webkit2gtk3-0:2.48.1-1.el8_8 | cpe:/a:redhat:rhel_eus:8.8 | RHSA-2025:4445 | 2025-05-05T00:00:00Z |
| Red Hat Enterprise Linux 9 | |||
| webkit2gtk3-0:2.48.1-1.el9_5 | cpe:/a:redhat:enterprise_linux:9 | RHSA-2025:3713 | 2025-04-08T00:00:00Z |
| webkit2gtk3-0:2.48.1-1.el9_6 | cpe:/a:redhat:enterprise_linux:9 | RHSA-2025:7387 | 2025-05-13T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | |||
| webkit2gtk3-0:2.48.1-1.el9_0 | cpe:/a:redhat:rhel_e4s:9.0 | RHSA-2025:8065 | 2025-05-21T00:00:00Z |
| Red Hat Enterprise Linux 9.2 Extended Update Support | |||
| webkit2gtk3-0:2.48.1-3.el9_2 | cpe:/a:redhat:rhel_eus:9.2 | RHSA-2025:3756 | 2025-04-09T00:00:00Z |
| Red Hat Enterprise Linux 9.4 Extended Update Support | |||
| webkit2gtk3-0:2.48.1-2.el9_4 | cpe:/a:redhat:rhel_eus:9.4 | RHSA-2025:3755 | 2025-04-09T00:00:00Z |
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-4218-1 | webkit2gtk security update |
 Debian DSA |
DSA-5885-1 | webkit2gtk security update |
 EUVD |
EUVD-2024-54257 | A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. |
 Ubuntu USN |
USN-7395-1 | WebKitGTK vulnerabilities |
References
History
Thu, 02 Apr 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin. |
Mon, 03 Nov 2025 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 07 Jul 2025 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat rhel Els
|
|
| CPEs | cpe:/o:redhat:rhel_els:7 | |
| Vendors & Products |
Redhat rhel Els
|
Tue, 27 May 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:rhel_aus:8.2 |
Thu, 22 May 2025 03:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat rhel Aus
Redhat rhel E4s Redhat rhel Tus |
|
| CPEs | cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_tus:8.4 cpe:/a:redhat:rhel_tus:8.6 |
|
| Vendors & Products |
Redhat rhel Aus
Redhat rhel E4s Redhat rhel Tus |
Mon, 05 May 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:rhel_eus:8.8 |
Fri, 18 Apr 2025 03:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:enterprise_linux:8 |
Thu, 10 Apr 2025 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat rhel Eus
|
|
| CPEs | cpe:/a:redhat:rhel_eus:9.2 cpe:/a:redhat:rhel_eus:9.4 |
|
| Vendors & Products |
Redhat rhel Eus
|
Wed, 09 Apr 2025 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat
Redhat enterprise Linux |
|
| CPEs | cpe:/a:redhat:enterprise_linux:9 | |
| Vendors & Products |
Redhat
Redhat enterprise Linux |
Fri, 21 Mar 2025 03:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | webkitgtk: A malicious website may exfiltrate data cross-origin | |
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Fri, 14 Mar 2025 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apple
Apple ipados Apple iphone Os Apple macos Apple safari Apple tvos Apple watchos |
|
| Weaknesses | NVD-CWE-noinfo | |
| CPEs | cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
|
| Vendors & Products |
Apple
Apple ipados Apple iphone Os Apple macos Apple safari Apple tvos Apple watchos |
Tue, 11 Mar 2025 03:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-200 | |
| Metrics |
cvssV3_1
|
Mon, 10 Mar 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A cookie management issue was addressed with improved state management. This issue is fixed in watchOS 11, macOS Sequoia 15, Safari 18, visionOS 2, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: apple
Published:
Updated: 2026-04-02T18:23:35.555Z
Reserved: 2024-12-03T22:50:35.493Z
Link: CVE-2024-54467
Vulnrichment
Updated: 2025-11-03T19:32:09.083Z
NVD
Status : Modified
Published: 2025-03-10T19:15:38.387
Modified: 2026-04-02T19:18:40.520
Link: CVE-2024-54467
Redhat
OpenCVE Enrichment
No data.
Weaknesses