Null Pointer Dereference Vulnerability in Apple Operating Systems
CVE-2025-31202

5.5MEDIUM

Key Information:

Vendor: Apple
Status: TV OS; iOS And iPad OS; Mac OS; Visionos
Vendor: CVE Published:; 29 April 2025

Summary

A null pointer dereference vulnerability was identified, affecting various Apple operating systems, including iOS, iPadOS, macOS, tvOS, and visionOS. When exploited by an attacker on the local network, this vulnerability may lead to a denial-of-service condition. The issue has been remedied through enhanced input validation, and the fix has been implemented in recent updates across the affected versions.

Affected Version(s)

iOS and iPadOS < 18.4

macOS < 15.4

tvOS < 18.4

References

https://support.apple.com/en-us/122377

https://support.apple.com/en-us/122371

https://support.apple.com/en-us/122373

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 29, 2025