Out-of-Bounds Read Vulnerability in Apple iPadOS and macOS
CVE-2025-31196

5.5 MEDIUM

Key Information:

Vendor

Apple

CVE Published:
12 May 2025

What is CVE-2025-31196?

An out-of-bounds read vulnerability has been identified in iPadOS and macOS that stems from insufficient input validation. The flaw is triggered when a specially crafted file is processed, which may result in a denial-of-service condition or potentially expose sensitive memory contents. To mitigate this risk, Apple has released updates, including iPadOS 17.7.7 and macOS 13.7.6 and 14.7.6, which provide improved validation to safeguard against such attacks.

Affected Version(s)

iPadOS < 17.7

macOS < 14.7

macOS < 13.7

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
