Use-after-free Vulnerability in Apple Products
CVE-2025-31239

3.3LOW

Key Information:

Vendor: Apple
Status: TV OS; Mac OS; iPad OS; iOS And iPad OS
Vendor: CVE Published:; 12 May 2025

What is CVE-2025-31239?

A use-after-free vulnerability has been identified across multiple Apple operating systems, which could lead to unexpected application terminations when parsing specific files. This flaw was addressed with enhanced memory management processes to mitigate potential risks to user data and system stability. Users are recommended to update to the latest versions to ensure protection against exploitation.

Affected Version(s)

iOS and iPadOS < 18.5

iPadOS < 17.7

macOS < 15.5

References

https://support.apple.com/en-us/122720

https://support.apple.com/en-us/122716

https://support.apple.com/en-us/122405

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2025
Vulnerability Reserved
Mar 27, 2025