{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-30425", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-22T00:04:43.716Z", "datePublished": "2025-03-31T22:22:50.104Z", "dateUpdated": "2026-04-02T18:11:38.169Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A malicious website may be able to track users in Safari private browsing mode"}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "0", "status": "affected", "lessThan": "18.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "17.7.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "0", "status": "affected", "lessThan": "11.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. A malicious website may be able to track users in Safari private browsing mode."}], "references": [{"url": "https://support.apple.com/en-us/122371"}, {"url": "https://support.apple.com/en-us/122372"}, {"url": "https://support.apple.com/en-us/122373"}, {"url": "https://support.apple.com/en-us/122376"}, {"url": "https://support.apple.com/en-us/122377"}, {"url": "https://support.apple.com/en-us/122379"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:11:38.169Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-02T13:30:55.559638Z", "id": "CVE-2025-30425", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T13:32:24.826Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Apr/13"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/8"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/5"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/4"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/11"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:13:39.552Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-30425", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-02T13:30:55.559638Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T13:32:01.621Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122377"}, {"url": "https://support.apple.com/en-us/122371"}, {"url": "https://support.apple.com/en-us/122372"}, {"url": "https://support.apple.com/en-us/122373"}, {"url": "https://support.apple.com/en-us/122379"}], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A malicious website may be able to track users in Safari private browsing mode."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A malicious website may be able to track users in Safari private browsing mode"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-03-31T22:22:50.104Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30425", "state": "PUBLISHED", "dateUpdated": "2025-04-02T13:32:24.826Z", "dateReserved": "2025-03-22T00:04:43.716Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-03-31T22:22:50.104Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D15738-9AE3-4CB5-8755-A67F6E09EAC5", "versionEndExcluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "687E67E4-136D-4154-BA6F-5ACA16254023", "versionEndExcluding": "17.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAAF5169-C6A9-449A-B41F-2CB1801EBA4B", "versionEndExcluding": "18.4", "versionStartIncluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990", "versionEndExcluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "1320B815-0457-4276-83B9-AFAFDAF17EDA", "versionEndExcluding": "15.4", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C61CCC2-87D3-4A3A-837B-63C48299A7AD", "versionEndExcluding": "18.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. A malicious website may be able to track users in Safari private browsing mode."}, {"lang": "es", "value": "Este problema se solucion\u00f3 mejorando la gesti\u00f3n del estado. Est\u00e1 corregido en tvOS 18.4, Safari 18.4, iPadOS 17.7.6, iOS 18.4 y iPadOS 18.4, y macOS Sequoia 15.4. Un sitio web malicioso podr\u00eda rastrear a los usuarios en el modo de navegaci\u00f3n privada de Safari."}], "id": "CVE-2025-30425", "lastModified": "2026-04-02T19:19:33.937", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-31T23:15:24.847", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/122371"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/122372"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/122373"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/122376"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/122377"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/122379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/8"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T22:48:53.438672+00:00", "value": {"mitigation_remediation": ["Apply the latest Safari update\u202f18.4 and the corresponding iOS and iPadOS updates (iOS\u202f18.4 or iPadOS\u202f18.4\u202f/\u202f17.7.6) to address the private browsing state\u2011management flaw.", "Upgrade macOS\u202fSequoia to\u202f15.4, which includes the fix for the same issue in the desktop browser.", "Install the newest tvOS\u202f18.4 and watchOS\u202f11.4 releases to secure those Apple platforms."], "summary": {"action": "Upgrade", "impact": "Privacy Compromise"}, "threat_synthesis": {"affected_systems": "The affected Apple products are Safari, iOS, iPadOS, macOS, tvOS, and watchOS. The specific vulnerable releases are Safari 18.4, iOS 18.4, iPadOS 18.4 or 17.7.6, macOS Sequoia 15.4, tvOS 18.4, and watchOS 11.4.", "description_and_impact": "This vulnerability involves a flaw in the state management of Safari\u2019s private browsing mode that could allow a malicious website to track users. The issue stems from a failure to enforce strict access control on private browsing sessions, a weakness classified as CWE-284 (Improper Control of Access Permissions), which may expose identifying data that should remain hidden when the user is in private mode. The resulting privacy breach could enable persistent tracking or profiling of users who rely on private browsing to avoid data leakage.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a low severity, while the EPSS score of less than 1% suggests a very low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to host a malicious webpage and entice a user to visit that page while the user is in Safari\u2019s private browsing mode. The data provided does not describe a publicly available exploit, so the threat remains theoretical, though the privacy implications are significant for users employing private browsing for anonymity."}}}}, "created": "2026-04-28T23:00:13.169021+00:00", "title": "Safari Private Browsing Tracking Vulnerability", "updated": "2026-04-28T23:00:13.169032+00:00", "vendors": []}