CVE-2025-31223

HIGH

Safari < 18.5 - Memory Corruption via Maliciously Crafted Web Content

Title source: llm
STIX 2.1

Description

The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to memory corruption.

References (24)

Core 24
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122404
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122716
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122719
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122720
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122721
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122722

Scores

CVSS v3 8.0
EPSS 0.0053
EPSS Percentile 41.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-119 CWE-120
Status published
Products (13)
Apple/iOS and iPadOS < 18.5
apple/ipados < 18.5
apple/iphone_os < 18.5
apple/macos < 15.5
Apple/macOS < 15.5
apple/safari < 18.5
Apple/Safari < 18.5
apple/tvos < 18.5
Apple/tvOS < 18.5
apple/visionos < 2.5
... and 3 more
Published May 12, 2025
Tracked Since Feb 18, 2026