Input Validation Flaw in Apple Products Affects Multiple Platforms
CVE-2025-31281

9.1CRITICAL

Key Information:

Vendor: Apple
Status: Mac OS; TV OS; Visionos; iOS And iPad OS
Vendor: CVE Published:; 30 July 2025

What is CVE-2025-31281?

An input validation flaw has been detected in Apple operating systems, which was addressed through enhancements in memory handling. This vulnerability can be exploited when processing specially crafted files, potentially leading to unexpected application termination. Users are encouraged to update to the latest versions of visionOS, tvOS, macOS, iOS, and iPadOS to mitigate risks associated with this vulnerability.

Affected Version(s)

iOS and iPadOS < 18.6

macOS < 15.6

tvOS < 18.6

References

https://support.apple.com/en-us/124149

https://support.apple.com/en-us/124153

https://support.apple.com/en-us/124154

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2025