CVE-2025-43229 is a universal cross-site scripting (UXSS) vulnerability identified in Apple Safari, fixed in Safari 18.6 and macOS Sequoia 15.6. The vulnerability arises from improper state management when processing maliciously crafted web content, categorized under CWE-79 (Improper Neutralization of Input During Web Page Generation). UXSS vulnerabilities allow attackers to bypass same-origin policy restrictions, enabling script execution in the context of trusted sites. This can lead to theft of sensitive information such as cookies, session tokens, or other credentials, and manipulation of web page content. The vulnerability requires no privileges or authentication but does require user interaction, such as visiting a maliciously crafted webpage. The CVSS v3.1 base score is 6.1 (medium), with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N indicating network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality and integrity, with no impact on availability. No known exploits have been reported in the wild, but the potential for targeted attacks exists. The issue was resolved by Apple through improved state management to prevent the UXSS condition. This vulnerability primarily affects users of Safari on macOS and iOS platforms prior to the patched versions.

The vulnerability allows attackers to execute arbitrary scripts within the security context of trusted websites, potentially leading to theft of sensitive user data such as cookies, credentials, or personal information. This compromises confidentiality and integrity of user sessions and data. Attackers may also manipulate web content to perform phishing or social engineering attacks. While availability is not impacted, the breach of trust boundaries can lead to significant reputational damage and user exploitation. Organizations relying on Safari for web access, especially those handling sensitive or regulated data, face increased risk of data leakage and session hijacking. The requirement for user interaction limits automated exploitation but does not eliminate risk, particularly in targeted spear-phishing campaigns. The absence of known exploits reduces immediate threat but patching remains critical to prevent future attacks.

Organizations and users should promptly update Safari to version 18.6 or later and macOS to Sequoia 15.6 or later to apply the official patch. Employ web content filtering and intrusion prevention systems to detect and block malicious web content that could trigger UXSS attacks. Educate users about the risks of interacting with untrusted or suspicious links and websites, emphasizing cautious browsing behavior. Implement Content Security Policy (CSP) headers on web applications to restrict script execution and reduce the impact of potential XSS vulnerabilities. Regularly audit and test web applications for XSS and UXSS vulnerabilities, especially when accessed via Safari. Consider deploying browser isolation technologies for high-risk users to contain potential script execution. Monitor security advisories from Apple and threat intelligence sources for updates on exploitation attempts or new variants. Finally, ensure incident response plans include procedures for handling client-side script injection incidents.