Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0393
Vulnerability from certfr_avis - Published: 2025-05-13 - Updated: 2025-05-13
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2025-31200 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Sonoma versions antérieures à 14.7.6 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.5 | ||
| Apple | iPadOS | iPadOS versions 18.x antérieures à 18.5 | ||
| Apple | N/A | watchOS versions antérieures à 11.5 | ||
| Apple | Safari | Safari versions antérieures à 18.5 | ||
| Apple | N/A | visionOS versions antérieures à 2.5 | ||
| Apple | macOS | macOS Ventura versions antérieures à 13.7.6 | ||
| Apple | iPadOS | iPadOS versions antérieures à 17.7.7 | ||
| Apple | iOS | iOS versions antérieures à 18.5 | ||
| Apple | N/A | tvOS versions antérieures à 18.5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions 18.x ant\u00e9rieures \u00e0 18.5",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 11.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 18.5",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.7",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 18.5",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 18.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31240",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31240"
},
{
"name": "CVE-2025-31247",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31247"
},
{
"name": "CVE-2025-26465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
},
{
"name": "CVE-2025-31221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31221"
},
{
"name": "CVE-2025-31209",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31209"
},
{
"name": "CVE-2025-24155",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24155"
},
{
"name": "CVE-2025-31204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31204"
},
{
"name": "CVE-2025-31227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31227"
},
{
"name": "CVE-2025-31218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31218"
},
{
"name": "CVE-2025-31228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31228"
},
{
"name": "CVE-2025-31226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31226"
},
{
"name": "CVE-2025-31212",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31212"
},
{
"name": "CVE-2025-26466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26466"
},
{
"name": "CVE-2025-31208",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31208"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-24144",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24144"
},
{
"name": "CVE-2025-30440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30440"
},
{
"name": "CVE-2025-24142",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24142"
},
{
"name": "CVE-2025-24225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24225"
},
{
"name": "CVE-2025-31219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31219"
},
{
"name": "CVE-2025-31251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31251"
},
{
"name": "CVE-2025-31217",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31217"
},
{
"name": "CVE-2025-31241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31241"
},
{
"name": "CVE-2025-31196",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31196"
},
{
"name": "CVE-2025-31234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31234"
},
{
"name": "CVE-2025-31245",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31245"
},
{
"name": "CVE-2025-31220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31220"
},
{
"name": "CVE-2025-30442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30442"
},
{
"name": "CVE-2025-31235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31235"
},
{
"name": "CVE-2025-31200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31200"
},
{
"name": "CVE-2025-24097",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24097"
},
{
"name": "CVE-2025-30448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30448"
},
{
"name": "CVE-2025-31249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31249"
},
{
"name": "CVE-2025-24274",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24274"
},
{
"name": "CVE-2025-31238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31238"
},
{
"name": "CVE-2025-24220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24220"
},
{
"name": "CVE-2025-31210",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31210"
},
{
"name": "CVE-2025-31207",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31207"
},
{
"name": "CVE-2025-31242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31242"
},
{
"name": "CVE-2025-31206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31206"
},
{
"name": "CVE-2025-31244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31244"
},
{
"name": "CVE-2025-24259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24259"
},
{
"name": "CVE-2025-31259",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31259"
},
{
"name": "CVE-2025-31232",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31232"
},
{
"name": "CVE-2025-31250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31250"
},
{
"name": "CVE-2025-31223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31223"
},
{
"name": "CVE-2025-31224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31224"
},
{
"name": "CVE-2025-31214",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31214"
},
{
"name": "CVE-2025-31246",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31246"
},
{
"name": "CVE-2025-31213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31213"
},
{
"name": "CVE-2025-31256",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31256"
},
{
"name": "CVE-2025-24258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24258"
},
{
"name": "CVE-2025-24111",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24111"
},
{
"name": "CVE-2025-24222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24222"
},
{
"name": "CVE-2025-31225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31225"
},
{
"name": "CVE-2025-31205",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31205"
},
{
"name": "CVE-2025-24223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24223"
},
{
"name": "CVE-2025-24213",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24213"
},
{
"name": "CVE-2025-31260",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31260"
},
{
"name": "CVE-2025-31236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31236"
},
{
"name": "CVE-2025-31222",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31222"
},
{
"name": "CVE-2025-31237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31237"
},
{
"name": "CVE-2025-31257",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31257"
},
{
"name": "CVE-2025-31239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31239"
},
{
"name": "CVE-2025-31233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31233"
},
{
"name": "CVE-2025-30453",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30453"
},
{
"name": "CVE-2025-31258",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31258"
},
{
"name": "CVE-2025-31253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31253"
},
{
"name": "CVE-2025-31215",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31215"
},
{
"name": "CVE-2025-30443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30443"
}
],
"initial_release_date": "2025-05-13T00:00:00",
"last_revision_date": "2025-05-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0393",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2025-31200 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122404",
"url": "https://support.apple.com/en-us/122404"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122717",
"url": "https://support.apple.com/en-us/122717"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122405",
"url": "https://support.apple.com/en-us/122405"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122716",
"url": "https://support.apple.com/en-us/122716"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122718",
"url": "https://support.apple.com/en-us/122718"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122721",
"url": "https://support.apple.com/en-us/122721"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122720",
"url": "https://support.apple.com/en-us/122720"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122719",
"url": "https://support.apple.com/en-us/122719"
},
{
"published_at": "2025-05-12",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 122722",
"url": "https://support.apple.com/en-us/122722"
}
]
}
CVE-2025-31212 (GCVE-0-2025-31212)
Vulnerability from cvelistv5 – Published: 2025-05-12 21:42 – Updated: 2026-04-02 18:17
VLAI
EPSS
Summary
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to access sensitive user data
- CWE-284 - Improper Access Control
Assigner
References
9 references
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31212",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T19:52:25.278668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T15:12:30.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:49:12.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/12"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/10"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access sensitive user data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:17:09.017Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122404"
},
{
"url": "https://support.apple.com/en-us/122716"
},
{
"url": "https://support.apple.com/en-us/122720"
},
{
"url": "https://support.apple.com/en-us/122721"
},
{
"url": "https://support.apple.com/en-us/122722"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31212",
"datePublished": "2025-05-12T21:42:38.635Z",
"dateReserved": "2025-03-27T16:13:58.316Z",
"dateUpdated": "2026-04-02T18:17:09.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31213 (GCVE-0-2025-31213)
Vulnerability from cvelistv5 – Published: 2025-05-12 21:42 – Updated: 2026-04-02 18:12
VLAI
EPSS
Summary
A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to access associated usernames and websites in a user's iCloud Keychain
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
8 references
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T17:43:47.906339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T17:45:13.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:49:17.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/9"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to access associated usernames and websites in a user\u0027s iCloud Keychain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to access associated usernames and websites in a user\u0027s iCloud Keychain",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:12:50.688Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122405"
},
{
"url": "https://support.apple.com/en-us/122716"
},
{
"url": "https://support.apple.com/en-us/122717"
},
{
"url": "https://support.apple.com/en-us/122718"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31213",
"datePublished": "2025-05-12T21:42:29.916Z",
"dateReserved": "2025-03-27T16:13:58.316Z",
"dateUpdated": "2026-04-02T18:12:50.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31214 (GCVE-0-2025-31214)
Vulnerability from cvelistv5 – Published: 2025-05-12 21:42 – Updated: 2026-04-02 18:10
VLAI
EPSS
Summary
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An attacker in a privileged network position may be able to intercept network traffic
- CWE-300 - Channel Accessible by Non-Endpoint
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T13:20:41.089318Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300 Channel Accessible by Non-Endpoint",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T13:31:35.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:49:19.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker in a privileged network position may be able to intercept network traffic",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:10:42.108Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122404"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31214",
"datePublished": "2025-05-12T21:42:23.474Z",
"dateReserved": "2025-03-27T16:13:58.317Z",
"dateUpdated": "2026-04-02T18:10:42.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31215 (GCVE-0-2025-31215)
Vulnerability from cvelistv5 – Published: 2025-05-12 21:42 – Updated: 2026-04-02 18:08
VLAI
EPSS
Summary
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Processing maliciously crafted web content may lead to an unexpected process crash
- CWE-20 - Improper Input Validation
Assigner
References
14 references
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | iPadOS |
Affected:
0 , < 17.7.7
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 15.5
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 2.5
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 11.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-15T13:19:08.839012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T13:19:54.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:49:29.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00016.html"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/13"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/12"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/10"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/6"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected process crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected process crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:08:38.906Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122404"
},
{
"url": "https://support.apple.com/en-us/122405"
},
{
"url": "https://support.apple.com/en-us/122716"
},
{
"url": "https://support.apple.com/en-us/122719"
},
{
"url": "https://support.apple.com/en-us/122720"
},
{
"url": "https://support.apple.com/en-us/122721"
},
{
"url": "https://support.apple.com/en-us/122722"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31215",
"datePublished": "2025-05-12T21:42:19.514Z",
"dateReserved": "2025-03-27T16:13:58.317Z",
"dateUpdated": "2026-04-02T18:08:38.906Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31217 (GCVE-0-2025-31217)
Vulnerability from cvelistv5 – Published: 2025-05-12 21:42 – Updated: 2026-04-02 18:24
VLAI
EPSS
Summary
The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Processing maliciously crafted web content may lead to an unexpected Safari crash
- CWE-20 - Improper Input Validation
Assigner
References
13 references
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | Safari |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | iPadOS |
Affected:
0 , < 17.7.7
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 15.5
(custom)
|
|
| Apple | tvOS |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 2.5
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 11.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T20:14:03.835532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T15:08:43.218Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:49:38.096Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/13"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/12"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/10"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/6"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to an unexpected Safari crash",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:24:33.752Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122404"
},
{
"url": "https://support.apple.com/en-us/122405"
},
{
"url": "https://support.apple.com/en-us/122716"
},
{
"url": "https://support.apple.com/en-us/122719"
},
{
"url": "https://support.apple.com/en-us/122720"
},
{
"url": "https://support.apple.com/en-us/122721"
},
{
"url": "https://support.apple.com/en-us/122722"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31217",
"datePublished": "2025-05-12T21:42:58.039Z",
"dateReserved": "2025-03-27T16:13:58.317Z",
"dateUpdated": "2026-04-02T18:24:33.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31218 (GCVE-0-2025-31218)
Vulnerability from cvelistv5 – Published: 2025-05-12 21:42 – Updated: 2026-04-02 18:11
VLAI
EPSS
Summary
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections.
Severity
6.2 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An app may be able to observe the hostnames of new network connections
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31218",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T19:46:32.051455Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T19:46:57.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:49:39.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may be able to observe the hostnames of new network connections",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:11:54.676Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122716"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31218",
"datePublished": "2025-05-12T21:42:25.925Z",
"dateReserved": "2025-03-27T16:13:58.317Z",
"dateUpdated": "2026-04-02T18:11:54.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31219 (GCVE-0-2025-31219)
Vulnerability from cvelistv5 – Published: 2025-05-12 21:42 – Updated: 2026-04-02 18:07
VLAI
EPSS
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- An attacker may be able to cause unexpected system termination or corrupt kernel memory
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
Assigner
References
15 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | iPadOS |
Affected:
0 , < 17.7.7
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 13.7.6
(custom)
Affected: 0 , < 14.7.6 (custom) Affected: 0 , < 15.5 (custom) |
|
| Apple | tvOS |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 2.5
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 11.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31219",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T17:39:44.010039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T17:43:13.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:49:49.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/12"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/10"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/9"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/6"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker may be able to cause unexpected system termination or corrupt kernel memory",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:07:29.099Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122404"
},
{
"url": "https://support.apple.com/en-us/122405"
},
{
"url": "https://support.apple.com/en-us/122716"
},
{
"url": "https://support.apple.com/en-us/122717"
},
{
"url": "https://support.apple.com/en-us/122718"
},
{
"url": "https://support.apple.com/en-us/122720"
},
{
"url": "https://support.apple.com/en-us/122721"
},
{
"url": "https://support.apple.com/en-us/122722"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31219",
"datePublished": "2025-05-12T21:42:15.542Z",
"dateReserved": "2025-03-27T16:13:58.317Z",
"dateUpdated": "2026-04-02T18:07:29.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31220 (GCVE-0-2025-31220)
Vulnerability from cvelistv5 – Published: 2025-05-12 21:43 – Updated: 2026-04-02 18:27
VLAI
EPSS
Summary
A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to read sensitive location information.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- A malicious app may be able to read sensitive location information
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
8 references
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31220",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T15:27:35.984368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:27:40.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:49:54.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/9"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to read sensitive location information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious app may be able to read sensitive location information",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:27:19.082Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122405"
},
{
"url": "https://support.apple.com/en-us/122716"
},
{
"url": "https://support.apple.com/en-us/122717"
},
{
"url": "https://support.apple.com/en-us/122718"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31220",
"datePublished": "2025-05-12T21:43:05.277Z",
"dateReserved": "2025-03-27T16:13:58.319Z",
"dateUpdated": "2026-04-02T18:27:19.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31221 (GCVE-0-2025-31221)
Vulnerability from cvelistv5 – Published: 2025-05-12 21:42 – Updated: 2026-04-02 18:22
VLAI
EPSS
Summary
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to leak memory.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- A remote attacker may be able to leak memory
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
15 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | iPadOS |
Affected:
0 , < 17.7.7
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 13.7.6
(custom)
Affected: 0 , < 14.7.6 (custom) Affected: 0 , < 15.5 (custom) |
|
| Apple | tvOS |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 2.5
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 11.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31221",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T20:01:21.848724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T15:10:16.947Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:50:07.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/12"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/10"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/9"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/6"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.7.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may be able to leak memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A remote attacker may be able to leak memory",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:22:37.616Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122404"
},
{
"url": "https://support.apple.com/en-us/122405"
},
{
"url": "https://support.apple.com/en-us/122716"
},
{
"url": "https://support.apple.com/en-us/122717"
},
{
"url": "https://support.apple.com/en-us/122718"
},
{
"url": "https://support.apple.com/en-us/122720"
},
{
"url": "https://support.apple.com/en-us/122721"
},
{
"url": "https://support.apple.com/en-us/122722"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31221",
"datePublished": "2025-05-12T21:42:54.091Z",
"dateReserved": "2025-03-27T16:13:58.319Z",
"dateUpdated": "2026-04-02T18:22:37.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-31222 (GCVE-0-2025-31222)
Vulnerability from cvelistv5 – Published: 2025-05-12 21:42 – Updated: 2026-04-02 18:11
VLAI
EPSS
Summary
A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- A user may be able to elevate privileges
- CWE-269 - Improper Privilege Management
Assigner
References
13 references
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apple | iOS and iPadOS |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | macOS |
Affected:
0 , < 13.7.6
(custom)
Affected: 0 , < 14.7.6 (custom) Affected: 0 , < 15.5 (custom) |
|
| Apple | tvOS |
Affected:
0 , < 18.5
(custom)
|
|
| Apple | visionOS |
Affected:
0 , < 2.5
(custom)
|
|
| Apple | watchOS |
Affected:
0 , < 11.5
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31222",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T04:01:08.285278Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:38.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:50:15.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2025/May/12"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/10"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/9"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "14.7.6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "15.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "11.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A correctness issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A user may be able to elevate privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A user may be able to elevate privileges",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:11:12.985Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122404"
},
{
"url": "https://support.apple.com/en-us/122716"
},
{
"url": "https://support.apple.com/en-us/122717"
},
{
"url": "https://support.apple.com/en-us/122718"
},
{
"url": "https://support.apple.com/en-us/122720"
},
{
"url": "https://support.apple.com/en-us/122721"
},
{
"url": "https://support.apple.com/en-us/122722"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31222",
"datePublished": "2025-05-12T21:42:24.325Z",
"dateReserved": "2025-03-27T16:13:58.319Z",
"dateUpdated": "2026-04-02T18:11:12.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…