Symlink Vulnerability in Apple Products
CVE-2025-31182

9.8CRITICAL

Key Information:

Vendor
Apple
Status
TV OS
iOS And iPad OS
Mac OS
Visionos
Vendor
CVE Published:
31 March 2025

Summary

This vulnerability arises from improper handling of symbolic links in Apple's software, allowing an application to potentially delete files it shouldn't have access to. The issue does not require elevated permissions and can lead to unauthorized file manipulations, emphasizing the need for users to update their systems to the latest versions where this vulnerability has been patched.

Affected Version(s)

iOS and iPadOS < 18.4

macOS < 15.4

macOS < 14.7

References

https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122373

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.