CVE-2025-43228 | Vulnerability Database | Aqua Security

The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to address bar spoofing.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	18.6 (excluding)
Ipados	Apple	*	18.6 (excluding)
Iphone_os	Apple	*	18.6 (excluding)
Qtwebkit-opensource-src	Ubuntu	esm-apps/bionic	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/focal	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/jammy	*
Qtwebkit-opensource-src	Ubuntu	esm-apps/noble	*
Qtwebkit-opensource-src	Ubuntu	esm-infra/xenial	*
Qtwebkit-opensource-src	Ubuntu	jammy	*
Qtwebkit-opensource-src	Ubuntu	noble	*
Qtwebkit-source	Ubuntu	esm-apps/bionic	*
Qtwebkit-source	Ubuntu	esm-apps/xenial	*
Webkit2gtk	Ubuntu	esm-infra/bionic	*
Webkit2gtk	Ubuntu	esm-infra/focal	*
Webkit2gtk	Ubuntu	esm-infra/xenial	*
Webkitgtk	Ubuntu	esm-apps/bionic	*
Webkitgtk	Ubuntu	esm-apps/xenial	*
Wpewebkit	Ubuntu	esm-apps/focal	*
Wpewebkit	Ubuntu	esm-apps/jammy	*
Wpewebkit	Ubuntu	jammy	*

References

https://support.apple.com/en-us/124147
https://support.apple.com/en-us/124152

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-43228
CWE	https://cwe.mitre.org/data/definitions/.html