What the vulnerability does
Description
Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142.
CVE-2025-55033
CVE-2025-55033: Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly
CVSS base score
—
Key dates
Disclosure timeline
August 19, 2025
CVE published
April 13, 2026
Record updated
