A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Apple
  • Ipados
  • Iphone Os
  • Macos
  • Safari
  • Tvos
  • Visionos
Redhat
  • Enterprise Linux
  • Openshift Devspaces
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus

Configuration 1 [-]

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
webkitgtk4-0:2.48.3-2.el7_9 cpe:/o:redhat:rhel_els:7 RHSA-2025:10364 2025-07-07T00:00:00Z
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.48.1-1.el8_10 cpe:/a:redhat:enterprise_linux:8 RHSA-2025:3974 2025-04-17T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
webkit2gtk3-0:2.48.1-2.el8_2 cpe:/a:redhat:rhel_aus:8.2 RHSA-2025:8194 2025-05-27T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
webkit2gtk3-0:2.48.1-2.el8_4 cpe:/a:redhat:rhel_aus:8.4 RHSA-2025:8064 2025-05-21T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
webkit2gtk3-0:2.48.1-2.el8_4 cpe:/a:redhat:rhel_tus:8.4 RHSA-2025:8064 2025-05-21T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
webkit2gtk3-0:2.48.1-2.el8_4 cpe:/a:redhat:rhel_e4s:8.4 RHSA-2025:8064 2025-05-21T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
webkit2gtk3-0:2.48.1-2.el8_6 cpe:/a:redhat:rhel_aus:8.6 RHSA-2025:8066 2025-05-21T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
webkit2gtk3-0:2.48.1-2.el8_6 cpe:/a:redhat:rhel_tus:8.6 RHSA-2025:8066 2025-05-21T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
webkit2gtk3-0:2.48.1-2.el8_6 cpe:/a:redhat:rhel_e4s:8.6 RHSA-2025:8066 2025-05-21T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
webkit2gtk3-0:2.48.1-1.el8_8 cpe:/a:redhat:rhel_eus:8.8 RHSA-2025:4445 2025-05-05T00:00:00Z
Red Hat Enterprise Linux 9
webkit2gtk3-0:2.48.1-1.el9_5 cpe:/a:redhat:enterprise_linux:9 RHSA-2025:3713 2025-04-08T00:00:00Z
webkit2gtk3-0:2.48.1-1.el9_6 cpe:/a:redhat:enterprise_linux:9 RHSA-2025:7387 2025-05-13T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
webkit2gtk3-0:2.48.1-1.el9_0 cpe:/a:redhat:rhel_e4s:9.0 RHSA-2025:8065 2025-05-21T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
webkit2gtk3-0:2.48.1-3.el9_2 cpe:/a:redhat:rhel_eus:9.2 RHSA-2025:3756 2025-04-09T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
webkit2gtk3-0:2.48.1-2.el9_4 cpe:/a:redhat:rhel_eus:9.4 RHSA-2025:3755 2025-04-09T00:00:00Z
Red Hat OpenShift Dev Spaces 3 Containers
devspaces/pluginregistry-rhel9:3.20-8 cpe:/a:redhat:openshift_devspaces:3::el9 RHSA-2025:7998 2025-05-19T00:00:00Z
devspaces/udi-base-rhel9:3.20-2 cpe:/a:redhat:openshift_devspaces:3::el9 RHSA-2025:7998 2025-05-19T00:00:00Z
devspaces/udi-rhel9:3.20-11 cpe:/a:redhat:openshift_devspaces:3::el9 RHSA-2025:7998 2025-05-19T00:00:00Z
References
Link Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-30427 cve-icon
https://support.apple.com/en-us/122371 cve-icon cve-icon
https://support.apple.com/en-us/122372 cve-icon cve-icon
https://support.apple.com/en-us/122373 cve-icon cve-icon
https://support.apple.com/en-us/122377 cve-icon cve-icon
https://support.apple.com/en-us/122378 cve-icon cve-icon
https://support.apple.com/en-us/122379 cve-icon cve-icon
https://webkitgtk.org/security/WSA-2025-0003.html cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-30427 cve-icon
History

Mon, 07 Jul 2025 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
CPEs cpe:/o:redhat:rhel_els:7
Vendors & Products Redhat rhel Els

Tue, 27 May 2025 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_aus:8.2

Thu, 22 May 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus
CPEs cpe:/a:redhat:rhel_aus:8.4
cpe:/a:redhat:rhel_aus:8.6
cpe:/a:redhat:rhel_e4s:8.4
cpe:/a:redhat:rhel_e4s:8.6
cpe:/a:redhat:rhel_e4s:9.0
cpe:/a:redhat:rhel_tus:8.4
cpe:/a:redhat:rhel_tus:8.6
Vendors & Products Redhat rhel Aus
Redhat rhel E4s
Redhat rhel Tus

Wed, 21 May 2025 03:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat openshift Devspaces
CPEs cpe:/a:redhat:openshift_devspaces:3::el9
Vendors & Products Redhat openshift Devspaces

Mon, 05 May 2025 15:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:rhel_eus:8.8

Fri, 18 Apr 2025 03:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:enterprise_linux:8

Thu, 10 Apr 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:9.2
cpe:/a:redhat:rhel_eus:9.4
Vendors & Products Redhat rhel Eus

Wed, 09 Apr 2025 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat enterprise Linux
CPEs cpe:/a:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux

Tue, 08 Apr 2025 02:00:00 +0000

Type Values Removed Values Added
Title webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
References
Metrics threat_severity

None

 threat_severity

Important

Mon, 07 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple tvos
Apple visionos
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple tvos
Apple visionos

Tue, 01 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 01 Apr 2025 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Tue, 01 Apr 2025 04:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description A use-after-free issue was addressed with improved memory management. This issue is fixed in visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, Safari 18.4. Processing maliciously crafted web content may lead to an unexpected Safari crash.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-03-31T22:24:24.350Z

Updated: 2025-04-01T13:18:41.175Z

Reserved: 2025-03-22T00:04:43.716Z

Link: CVE-2025-30427

cve-icon Vulnrichment

Updated: 2025-04-01T04:03:57.791Z

cve-icon NVD

Status : Analyzed

Published: 2025-03-31T23:15:25.037

Modified: 2025-04-07T14:02:18.690

Link: CVE-2025-30427

cve-icon Redhat

Severity : Important

Publid Date: 2025-04-07T00:00:00Z

Links: CVE-2025-30427 - Bugzilla