CVE-2025-31266
BaseFortify
Publication date: 2025-11-21
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | safari | to 18.5 (exc) |
| apple | macos | to 15.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a spoofing issue where a website may be able to spoof the domain name in the title of a pop-up window by exploiting improper truncation when displaying the fully qualified domain name. It was addressed by improving the truncation method.
How can this vulnerability impact me?
This vulnerability can impact you by allowing a malicious website to spoof the domain name in a pop-up window's title, potentially misleading you into trusting a fraudulent site or action, which could lead to phishing or other social engineering attacks.
What immediate steps should I take to mitigate this vulnerability?
Update Safari to version 18.5 and macOS Sequoia to version 15.5 to apply the fix that addresses the spoofing issue.