{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-30467", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-22T00:04:43.723Z", "datePublished": "2025-03-31T22:23:52.835Z", "dateUpdated": "2026-04-02T18:22:47.921Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Visiting a malicious website may lead to address bar spoofing"}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "0", "status": "affected", "lessThan": "18.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "0", "status": "affected", "lessThan": "11.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. Visiting a malicious website may lead to address bar spoofing."}], "references": [{"url": "https://support.apple.com/en-us/122371"}, {"url": "https://support.apple.com/en-us/122373"}, {"url": "https://support.apple.com/en-us/122376"}, {"url": "https://support.apple.com/en-us/122379"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:22:47.921Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-451", "lang": "en", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-01T19:24:28.140256Z", "id": "CVE-2025-30467", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T19:26:37.878Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Apr/13"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/8"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/4"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/2"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:16:14.814Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-30467", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-01T19:24:28.140256Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T19:26:04.515Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122371"}, {"url": "https://support.apple.com/en-us/122373"}, {"url": "https://support.apple.com/en-us/122379"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Visiting a malicious website may lead to address bar spoofing"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-03-31T22:23:52.835Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30467", "state": "PUBLISHED", "dateUpdated": "2025-04-01T19:26:37.878Z", "dateReserved": "2025-03-22T00:04:43.723Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-03-31T22:23:52.835Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "45D15738-9AE3-4CB5-8755-A67F6E09EAC5", "versionEndExcluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B3450F7-7B4A-46CE-A6E0-BBE6569F2EBF", "versionEndExcluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990", "versionEndExcluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3BD0A90-23F1-430A-8119-E14055F7E621", "versionEndExcluding": "15.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, watchOS 11.4. Visiting a malicious website may lead to address bar spoofing."}, {"lang": "es", "value": "El problema se solucion\u00f3 mejorando las comprobaciones. Este problema est\u00e1 corregido en Safari 18.4, iOS 18.4, iPadOS 18.4 y macOS Sequoia 15.4. Visitar un sitio web malicioso puede provocar la suplantaci\u00f3n de la barra de direcciones."}], "id": "CVE-2025-30467", "lastModified": "2026-04-02T19:19:42.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-31T23:15:27.967", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122371"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122373"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/122376"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122379"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/13"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Apr/8"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T18:59:53.858852+00:00", "value": {"mitigation_remediation": ["Upgrade Safari, iOS, iPadOS, macOS and watchOS to the latest versions (18.4, 18.4, 18.4, Sequoia\u202f15.4 and 11.4 respectively) which incorporate the address\u2011bar validation fix.", "Enable automatic software updates on all Apple devices so that future security patches are applied promptly.", "Educate users to verify the true domain displayed in the address bar, check for HTTPS and other trust indicators, and refrain from interacting with suspicious or unfamiliar web sites."], "summary": {"action": "Patch", "impact": "Address Bar Spoofing"}, "threat_synthesis": {"affected_systems": "Apple Safari, iOS, iPadOS, macOS and watchOS are affected. The issue is resolved in Safari 18.4, iOS 18.4, iPadOS 18.4, macOS Sequoia\u202f15.4 and watchOS\u202f11.4; earlier releases remain vulnerable.", "description_and_impact": "The vulnerability permits an adversary to manipulate a user\u2019s browser so that the address bar displays a false URL when a malicious website is visited. This deception can facilitate phishing or other social\u2011engineering attacks without granting code execution, and it is classified as CWE\u2011451.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a moderate risk, while the EPSS score of less than 1\u202f% suggests a low probability of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would need to lure users to a malicious site \u2013 a user\u2011initiated action \u2013 to trigger the spoofing; no remote code execution or privilege escalation results from a successful exploit."}}}}, "created": "2026-04-28T19:00:20.875879+00:00", "title": "Malicious Website Causes Address Bar Spoofing on Apple Browsers and Devices", "updated": "2026-04-28T19:00:20.875889+00:00", "vendors": []}