anonhaven
Ad

CVE-2025-31277

HIGH CVSS 3.1: 8.8 EPSS 0.17% ACTIVE EXPLOIT
Updated Apr 03, 2026
Apple

CISA Known Exploited Vulnerability (KEV)

This vulnerability is actively exploited in the wild. Immediate patching is strongly recommended.

Due Date: Apr 03, 2026

Parameter Value
CVSS 8.8 (HIGH)
Affected Versions 15.0 — 2.6
Fixed In 18.6
Type CWE-119 (Buffer Overflow)
Vendor Apple
Public PoC Yes

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-119 Buffer Overflow

Vulnerable Products 7

Configuration From (including) Up to (excluding)
Apple Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
 18.6
Apple Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
 18.6
Apple Iphone_Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
 18.6
Apple Macos
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
 15.0 15.6
Apple Tvos
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
 18.6
Apple Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
 2.6
Apple Watchos
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
 11.6

References 12

https://support.apple.com/en-us/124147
product-security@apple.com
https://support.apple.com/en-us/124149
product-security@apple.com
https://support.apple.com/en-us/124152
product-security@apple.com
https://support.apple.com/en-us/124153
product-security@apple.com
https://support.apple.com/en-us/124154
product-security@apple.com
https://support.apple.com/en-us/124155
product-security@apple.com
http://seclists.org/fulldisclosure/2025/Aug/0
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jul/30
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jul/32
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jul/36
af854a3a-2127-422b-91ae-364da2661108
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-…
134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025…
134c704f-9b21-4f2e-91b3-4a467353bcc0
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-6318

Linux

8.8

CVE-2026-6317

Linux

8.8

CVE-2026-6316

Linux

8.8

CVE-2026-6314

Linux

8.3

CVE-2026-6313

Linux

3.1