Authorization Issue in Apple Products Resulting in Potential Data Exposure
CVE-2025-31255

9.8CRITICAL

Key Information:

Vendor

Apple

Vendor
CVE Published:
15 September 2025

What is CVE-2025-31255?

A persistent authorization issue has been identified across several Apple platforms, allowing potentially unauthorized access to sensitive user data. This vulnerability arises from inadequate state management mechanisms. Apple has implemented a fix across its operating systems: tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, watchOS 26, macOS Tahoe 26, iOS 26, and iPadOS 26, enhancing security measures to protect sensitive information.

Affected Version(s)

iOS and iPadOS < 26

macOS < 14.8

macOS < 26

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.