CVE-2025-31277
HIGH KEV
Safari < 18.6 - Memory Corruption via Malicious Web Content
Title source: llm
Exploitation Summary
CVE-2025-31277 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 20, 2026. EIP tracks 1 public exploit from researchers including stationedK-06.
AI-analyzed exploit summary: This repository provides a static analysis of the DarkSword iOS WebKit exploit chain, focusing on CVE-2025-31277 and CVE-2025-43529. It includes references to external sources and aims to document the exploit chain's delivery, staging, and breakdown.
Description
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
Exploits (1)
This repository provides a static analysis of the DarkSword iOS WebKit exploit chain, focusing on CVE-2025-31277 and CVE-2025-43529. It includes references to external sources and aims to document the exploit chain's delivery, staging, and breakdown.
References (12)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H