{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31266", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-27T16:13:58.340Z", "datePublished": "2025-11-21T21:22:24.270Z", "dateUpdated": "2026-04-02T18:19:21.476Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A website may be able to spoof the domain name in the title of a pop-up window"}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "0", "status": "affected", "lessThan": "18.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window."}], "references": [{"url": "https://support.apple.com/en-us/122716"}, {"url": "https://support.apple.com/en-us/122719"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:19:21.476Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-451", "lang": "en", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-23T11:32:06.781892Z", "id": "CVE-2025-31266", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-23T11:32:09.916Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-31266", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-23T11:32:06.781892Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-23T11:31:41.656Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.5", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122716"}, {"url": "https://support.apple.com/en-us/122719"}], "descriptions": [{"lang": "en", "value": "A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A website may be able to spoof the domain name in the title of a pop-up window"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-11-21T21:22:24.270Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31266", "state": "PUBLISHED", "dateUpdated": "2025-11-23T11:32:09.916Z", "dateReserved": "2025-03-27T16:13:58.340Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-11-21T21:22:24.270Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "2911F28D-586D-4C43-BCE7-A8A77568E183", "versionEndExcluding": "18.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF1B4AB8-2B51-4EED-BD29-C500C83FAB10", "versionEndExcluding": "15.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A spoofing issue was addressed with improved truncation when displaying the fully qualified domain name. This issue is fixed in Safari 18.5, macOS Sequoia 15.5. A website may be able to spoof the domain name in the title of a pop-up window."}], "id": "CVE-2025-31266", "lastModified": "2026-04-02T19:19:58.183", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-21T22:16:19.743", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122716"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122719"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-27T22:47:11.821457+00:00", "value": {"mitigation_remediation": ["Install Safari 18.5 or later to eliminate the spoofing flaw.", "Upgrade macOS to Sequoia 15.5 or later, which includes the Safari update.", "Restrict or disable pop\u2011up windows from untrusted sites in Safari to reduce the attack surface."], "summary": {"action": "Update Safari", "impact": "Domain Spoofing in Pop\u2011Up Window Title"}, "threat_synthesis": {"affected_systems": "Apple Safari versions earlier than 18.5 and macOS releases earlier than Sequoia 15.5 are susceptible. The vulnerability affects the standard Safari application bundled with macOS and is not limited to a specific model or build. Users of older macOS or Safari editions must be aware that their browsers may display spoofed domain names in pop\u2011up window titles.", "description_and_impact": "The flaw allows a malicious website to display a forged fully\u2011qualified domain name in the title of a pop\u2011up window in Safari. The spoofed text can mislead users into believing they are interacting with a trusted domain, potentially facilitating phishing or social\u2011engineering attacks. This weakness is described by CWE\u2011451 and does not provide code execution or privilege escalation, but it can compromise user trust and confidentiality by revealing misleading domain information.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a low\u2011to\u2011moderate impact, and the EPSS score of less than 1% shows a very low probability of exploitation today. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to trick users into visiting a malicious site that generates a spoofed pop\u2011up; no network\u2011based attack or remote code execution is required."}}}}, "created": "2025-11-24T09:08:03.362719+00:00", "title": "Spoofing of Domain Name in Safari Pop-Up Window Title", "updated": "2026-04-27T23:00:13.954824+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$safari"]}