Planned Fix
CVE-2025-31277
Memory corruption in Apple Safari and related OS components (user interaction)
Apple Safari and several Apple OS components contain a memory corruption vulnerability that can be triggered by processing malicious web content. Exploitation requires user interaction to visit a crafted page, and the impact can be memory corruption with potential code execution on the device. Apple issued security updates fixing Safari and related OS components (e.g., macOS Sequoia, iOS/iPadOS, tvOS, watchOS, VisionOS) to mitigate the issue; the vulnerability is tracked under a high CVSS score and is listed in government KEV catalogs.
Last analyzed: Loading...
Type
Unknown
Auth Required
No
PoC Available
NoACTIVE EXPLOITATION
Vendor
Apple Inc.
Product
Safari
Exposure
On-host (logged-in)
Default Config
Exploitable
CVSS Score
8.8
- Name
- Memory corruption in Apple Safari and related OS components (user interaction)
- Summary
- Apple Safari and several Apple OS components contain a memory corruption vulnerability that can be triggered by processing malicious web content. Exploitation requires user interaction to visit a crafted page, and the impact can be memory corruption with potential code execution on the device. Apple issued security updates fixing Safari and related OS components (e.g., macOS Sequoia, iOS/iPadOS, tvOS, watchOS, VisionOS) to mitigate the issue; the vulnerability is tracked under a high CVSS score and is listed in government KEV catalogs.
- Vendor
- Apple Inc.
- Product Name
- Safari
- Product Description
- Safari is Apple’s web browser integrated into macOS, iOS and related Apple operating systems; it renders web content and handles browsing features across Apple devices.
- Affected Versions
- Safari < 18.6; iPhone OS < 18.6; watchOS < 11.6; tvOS < 18.6; macOS Sequoia 15.0 inclusive to 15.5 inclusive (15.0 <= version < 15.6); iPadOS < 18.6; VisionOS < 2.6
- Affected Component
- Memory corruption in the browser's web-content processing and related Apple OS components.
- Component URLs
- Protocol
- HTTPS
- Ports
- 80443
- Internet-facing Likelihood
- 60%
- Exposure Level
- On-host (logged-in)
- Enterprise Usage
- 70%
- Type
- Unknown
- Impact
- Potential remote code execution or device compromise via memory corruption when processing malicious web content; impact includes high confidentiality, integrity, and availability risks.
- Exploitation Description
- Exploitation involves delivering malicious web content to a vulnerable device and triggering memory corruption during web content processing. The attack requires user interaction (e.g., visiting a malicious page) and does not require prior authentication.
- Detection Method
- No
- Detection Method Types
- Not available
- Detection Method URLs
- Not available
- PoC Available
- No
- PoC URLs
- Not available
- Default Config Exploitable
- Yes
- Exploitation Requirements
- User must open malicious content in a Safari-susceptible environment; no authentication is required; network access to retrieve or render the crafted content is needed.
- Requirements URLs
- Requirements Probability
- 100%
- Authentication Needed
- No
- CVE ID
- CVE-2025-31277
- Description
- The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.
- CVSS Score
- 8.8
- Published
- Loading...
- Last Modified
- Loading...
- CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H- Attack Vector (AV)
- AV:N
- Attack Complexity (AC)
- AC:L
- Privileges Required (PR)
- PR:N
- User Interaction (UI)
- UI:R
- Scope (S)
- S:U
- Confidentiality (C)
- C:H
- Integrity (I)
- I:H
- Availability (A)
- A:H
- CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CPE Configuration
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
- Version From
- nullnullnullnull15.0nullnull
- Version UpTo
- 18.618.611.618.615.618.62.6
- Remediation Type
- updatepatch
- Remediation Description
- Upgrade affected Apple software to fixed versions per vendor advisories (Safari 18.6; corresponding OS updates for iOS/iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, watchOS 11.6, VisionOS 2.6). Where available, apply vendor-released patches; some mitigations may be described by the vendor as steps to disable or limit the affected feature until patched.
- EPSS Score
- 0.27%
- EPSS Percentile
- 50.00%
- EPSS Last Updated
- Loading...
- CISA KEV
- Yes
- CISA KEV Date Added
- Loading...
- Active Exploitation
- Yes
- Active Exploitation URLs
- Threat Actors
- Not available
- Threat Actors URLs
- Not available
- IOCs
- Not available
- Detection Rules
- Not available
- Articles Used
- 6
- Sources
- https://nvd.nist.gov/vuln/detail/CVE-2025-31277
- https://www.cvedetails.com/cve/CVE-2025-31277/
- https://www.tenable.com/cve/CVE-2025-31277
- https://vulnerability.circl.lu/vuln/CVE-2025-31277
- https://www.wiz.io/vulnerability-database/cve/cve-2025-31277
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277