Out-of-Bounds Read Vulnerability in Apple iPadOS and macOS
CVE-2025-31196

5.5MEDIUM

Key Information:

Vendor: Apple
Status: iPad OS; Mac OS
Vendor: CVE Published:; 12 May 2025

What is CVE-2025-31196?

An out-of-bounds read vulnerability has been identified in iPadOS and macOS that stems from insufficient input validation. Attackers can exploit this flaw by processing a specially crafted file, which may result in a denial-of-service condition or potentially expose sensitive memory contents. To mitigate this risk, Apple has released updates to iPadOS and macOS, including versions 17.7.7, 13.7.6, and 14.7.6, which provide improved validation mechanisms to safeguard against such attacks.

Affected Version(s)

iPadOS < 17.7

macOS < 14.7

macOS < 13.7

References

https://support.apple.com/en-us/122405

https://support.apple.com/en-us/122717

https://support.apple.com/en-us/122718

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2025
Vulnerability Reserved
Mar 27, 2025