Spoofing Vulnerability in Safari Browser by Apple
CVE-2025-31266

Currently unrated

Key Information:

Vendor: Apple
Status: Mac OS; Safari
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-31266?

A vulnerability in the Safari browser allows potential attackers to spoof the domain name displayed in pop-up window titles. This can mislead users into thinking they are interacting with a legitimate website, increasing the risk of phishing and other social engineering attacks. The issue was addressed through improved truncation methods, safeguarding users from deceptive practices that could occur when navigating the web.

Affected Version(s)

macOS < 15.5

Safari < 18.5

References

https://support.apple.com/en-us/122716

https://support.apple.com/en-us/122719

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Mar 27, 2025

JSON