Cross-Origin Data Exfiltration Vulnerability in Apple Products
CVE-2025-31205
6.5MEDIUM
What is CVE-2025-31205?
A vulnerability exists in multiple Apple platforms that allows a malicious website to potentially exfiltrate sensitive data from user devices through cross-origin requests. This issue was mitigated by implementing enhanced verification checks. Users are encouraged to update their devices to the latest versions: watchOS 11.5, tvOS 18.5, iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, and Safari 18.5, to protect against this potential exploit.
Affected Version(s)
iOS and iPadOS < 18.5
macOS < 15.5
Safari < 18.5