CVE-2025-31281
BaseFortify
Publication date: 2025-07-30
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 18.6 (exc) |
| apple | iphone_os | to 18.6 (exc) |
| apple | macos | to 15.6 (exc) |
| apple | tvos | to 18.6 (exc) |
| apple | visionos | to 2.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Update your devices to the fixed versions: visionOS 2.6, tvOS 18.6, macOS Sequoia 15.6, iOS 18.6, or iPadOS 18.6 to address the input validation issue and prevent unexpected app termination.
Can you explain this vulnerability to me?
This vulnerability is an input validation issue related to memory handling. It occurs when processing a maliciously crafted file, which can cause unexpected termination of an application. The issue has been fixed in specific versions of visionOS, tvOS, macOS, iOS, and iPadOS.
How can this vulnerability impact me? :
If exploited, this vulnerability can cause an application to terminate unexpectedly, potentially disrupting normal use or causing denial of service.