CVE-2025-31277

HIGH

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

CVSS v3.1 Score

8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 7/30/2025Modified: 4/2/2026

Related Intelligence (1)

HIGHVulnerability

CISA KEV: Apple Multiple Products — Apple Multiple Products Buffer Overflow Vulnerability

Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.

CVE-2025-31277Apple Multiple Products
CISA KEV

References (12)

https://support.apple.com/en-us/124147Release NotesVendor Advisoryhttps://support.apple.com/en-us/124149Release NotesVendor Advisoryhttps://support.apple.com/en-us/124152Release NotesVendor Advisoryhttps://support.apple.com/en-us/124153Release NotesVendor Advisoryhttps://support.apple.com/en-us/124154Release NotesVendor Advisoryhttps://support.apple.com/en-us/124155Release NotesVendor Advisoryhttp://seclists.org/fulldisclosure/2025/Aug/0Mailing ListThird Party Advisoryhttp://seclists.org/fulldisclosure/2025/Jul/30Mailing ListThird Party Advisoryhttp://seclists.org/fulldisclosure/2025/Jul/32Mailing ListThird Party Advisoryhttp://seclists.org/fulldisclosure/2025/Jul/36Mailing ListThird Party Advisoryhttps://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/Technical Descriptionhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277US Government Resource