{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43327", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.108Z", "datePublished": "2025-09-15T22:34:20.861Z", "dateUpdated": "2026-04-02T18:08:05.223Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Visiting a malicious website may lead to address bar spoofing"}]}], "affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"version": "0", "status": "affected", "lessThan": "26", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing."}], "references": [{"url": "https://support.apple.com/en-us/125110"}, {"url": "https://support.apple.com/en-us/125113"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:08:05.223Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-451", "lang": "en", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-16T14:51:45.716925Z", "id": "CVE-2025-43327", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T14:52:08.020Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/59"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:11:20.730Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Sep/53"}, {"url": "http://seclists.org/fulldisclosure/2025/Sep/59"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:11:20.730Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43327", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-16T14:51:45.716925Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-451", "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-16T14:50:13.976Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Safari", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125113"}], "descriptions": [{"lang": "en", "value": "The issue was addressed by adding additional logic. This issue is fixed in Safari 26. Visiting a malicious website may lead to address bar spoofing."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Visiting a malicious website may lead to address bar spoofing"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-11-04T01:15:21.252Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43327", "state": "PUBLISHED", "dateUpdated": "2025-11-04T01:15:21.252Z", "dateReserved": "2025-04-16T15:24:37.108Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-09-15T22:34:20.861Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "213D326D-D8FB-4C0B-B3C9-D44E359F5765", "versionEndExcluding": "26.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "39AFEC84-CF6E-4859-8B5A-C5CF3F838A94", "versionEndExcluding": "26.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing."}], "id": "CVE-2025-43327", "lastModified": "2026-04-02T19:20:26.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-15T23:15:35.397", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/125110"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125113"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/53"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Sep/59"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T10:50:07.710680+00:00", "value": {"mitigation_remediation": ["Apply the Safari and macOS updates that introduce the spoofing protection logic, specifically Safari\u202f26 and macOS Tahoe\u202f26.", "Enable automatic system updates to ensure future security fixes are applied without manual intervention.", "Educate users to validate URLs and remain cautious of sites where the address bar content does not match the displayed page."], "summary": {"action": "Patch", "impact": "Address bar spoofing"}, "threat_synthesis": {"affected_systems": "Apple Safari and macOS Tahoe releases up through version 26 are affected. Any installation of these product families that predates Safari 26 or macOS Tahoe 26 remains vulnerable until the appropriate update is applied.", "description_and_impact": "Safari and macOS versions prior to 26 suffer from an address bar spoofing flaw that allows a crafted website to cause Safari to display a false address bar, deceiving users into believing they are on a legitimate site. The flaw is categorized as CWE-451, revealing information that an attacker can abuse to mislead users. The consequences include phishing, credential theft, or broader social engineering attacks.", "risk_and_exploitability": "The CVSS score of 6.5 places the vulnerability in the moderate\u2011to\u2011high range. The EPSS score of less than 1% indicates a low likelihood of exploitation at this time, and the flaw is not listed in the CISA KEV catalog. Exploitation requires a user to visit a malicious web page, so the attack vector is web\u2011based. While the impact is significant if exploited, the overall risk is moderated by the low exploitation probability and the availability of a patch."}}}}, "created": "2025-09-17T10:06:37.298448+00:00", "updated": "2026-04-28T11:00:14.129273+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$safari"]}