CVE-2025-31202

Published: Apr 29, 2025Modified: May 5, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos, Tvos, Visionos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 18.4
Apple Iphone Os	Before 18.4
Apple Macos	Before 15.4
Apple Tvos	Before 18.4
Apple Visionos	Before 2.4

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (4)

https://support.apple.com/en-us/122371

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122373

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122377

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122378

Source: product-security@apple.com

Release NotesVendor Advisory

Timeline

No history available yet.