Authorization Flaw in Safari and Apple Operating Systems Affecting Local Network Access
CVE-2025-31184

7.8HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Mac OS; Visionos; Safari
Vendor: CVE Published:; 31 March 2025

What is CVE-2025-31184?

An authorization flaw has been identified in Safari and various Apple operating systems, where an application may acquire unauthorized access to the local network. This issue has been addressed through enhanced permissions verification, and users are encouraged to update their software to the latest versions, including Safari 18.4, visionOS 2.4, iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4, to mitigate potential risks.

Affected Version(s)

iOS and iPadOS < 18.4

macOS < 15.4

Safari < 18.4

References

https://support.apple.com/en-us/122371

https://support.apple.com/en-us/122373

https://support.apple.com/en-us/122378

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Mar 27, 2025