CVE-2025-31234

Published: May 12, 2025Modified: Apr 2, 2026

8.2

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Exploitability: 3.9 / Impact: 4.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos, Tvos, Visionos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 18.5
Apple Iphone Os	Before 18.5
Apple Macos	Before 15.5
Apple Tvos	Before 18.5
Apple Visionos	Before 2.5

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (8)

https://support.apple.com/en-us/122404

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122716

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122720

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122721

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2025/May/11

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/May/12

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/May/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/May/7

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.