Input Validation Vulnerability in Safari Affecting Apple Devices
CVE-2025-31217

6.5MEDIUM

Key Information:

Vendor: Apple
Status: TV OS; Mac OS; iPad OS; iOS And iPad OS
Vendor: CVE Published:; 12 May 2025

What is CVE-2025-31217?

An input validation vulnerability in Safari could allow attackers to exploit improperly handled web content, potentially resulting in unexpected crashes of the application. This may lead to user disruption and data exposure. Apple has addressed this issue in multiple updates across its device operating systems, enhancing security measures to prevent exploitation.

Affected Version(s)

iOS and iPadOS < 18.5

iPadOS < 17.7

macOS < 15.5

References

https://support.apple.com/en-us/122720

https://support.apple.com/en-us/122716

https://support.apple.com/en-us/122405

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2025
Vulnerability Reserved
Mar 27, 2025

JSON