{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43240", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.091Z", "datePublished": "2025-07-29T23:29:26.024Z", "dateUpdated": "2026-04-02T18:24:57.015Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A download's origin may be incorrectly associated"}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "0", "status": "affected", "lessThan": "18.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated."}], "references": [{"url": "https://support.apple.com/en-us/124149"}, {"url": "https://support.apple.com/en-us/124152"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:24:57.015Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-703", "lang": "en", "description": "CWE-703 Improper Check or Handling of Exceptional Conditions"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-30T13:28:26.914988Z", "id": "CVE-2025-43240", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-31T17:56:53.589Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"}, {"url": "http://seclists.org/fulldisclosure/2025/Aug/0"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/32"}, {"url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:10:35.941Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"}, {"url": "http://seclists.org/fulldisclosure/2025/Aug/0"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/32"}, {"url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T21:10:35.941Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43240", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-30T13:28:26.914988Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-703", "description": "CWE-703 Improper Check or Handling of Exceptional Conditions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T13:28:28.830Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "0", "lessThan": "18.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "15.6", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/124149"}, {"url": "https://support.apple.com/en-us/124152"}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A download's origin may be incorrectly associated"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:24:57.015Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43240", "state": "PUBLISHED", "dateUpdated": "2026-04-02T18:24:57.015Z", "dateReserved": "2025-04-16T15:24:37.091Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-07-29T23:29:26.024Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "969AD7A8-5CCF-4607-BBE8-E06E642A170C", "versionEndExcluding": "18.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "077E4BB7-4A8B-4D18-BCD7-2938A2B8B9C8", "versionEndExcluding": "15.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in Safari 18.6, macOS Sequoia 15.6. A download's origin may be incorrectly associated."}, {"lang": "es", "value": "Se solucion\u00f3 un problema l\u00f3gico mejorando las comprobaciones. Este problema se solucion\u00f3 en macOS Sequoia 15.6. El origen de una descarga pod\u00eda estar asociado incorrectamente."}], "id": "CVE-2025-43240", "lastModified": "2026-04-02T19:20:11.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-30T00:15:35.890", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124149"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124152"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Aug/0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jul/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/08/02/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00015.html"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-703"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "webkitgtk: A download\u2019s origin may be incorrectly associated", "id": "2384385", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384385"}, "csaw": false, "cwe": "CWE-703", "details": ["A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly associated."], "name": "CVE-2025-43240", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-07-29T23:29:26Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-43240\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-43240\nhttps://support.apple.com/en-us/124149\nhttps://webkitgtk.org/security/WSA-2025-0005.html"], "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-28T18:47:29.760482+00:00", "value": {"mitigation_remediation": ["Install Safari\u202f18.6 or newer and macOS\u202fSequoia\u202f15.6 or newer to receive the WebKit fix.", "Restart the machine after updating to activate the WebKit changes.", "Until the patch is applied, configure Safari to block or prompt on downloads from untrusted origins, and keep Gatekeeper set to require signed software to prevent execution of potentially compromised files."], "summary": {"action": "Patch", "impact": "Origin misattribution"}, "threat_synthesis": {"affected_systems": "Apple Safari and Apple macOS are affected. Versions earlier than Safari\u202f18.6 and macOS\u202fSequoia\u202f15.6 lack the fix. Updating to these or later releases removes the flaw.", "description_and_impact": "A flaw in the WebKit download handling logic can cause the browser to record a downloaded file\u2019s origin incorrectly. This logic error leads to an improper association between the file and the webpage that initiated the download. The impact is that security checks relying on the reported origin\u2014such as content\u2011security\u2011policy enforcement or download\u2011origin filtering\u2014may be misapplied, allowing a file to be treated as coming from a trusted source when it does not.", "risk_and_exploitability": "The CVSS base score of 6.2 categorizes the issue as medium severity, and the EPSS score of less than 1\u202f% implies a low current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that a malicious web page could initiate a download that triggers the misassociation, potentially allowing the file to be treated as originating from a trusted domain. Although no active exploits are reported, the risk remains until the patch is applied."}}}}, "created": "2025-07-31T09:15:37.323970+00:00", "updated": "2026-04-28T19:00:20.851092+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$sequoia"]}