CVE-2025-31277

HIGH
2025-07-30 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Patch Released
Apr 05, 2026 - 20:30 nvd
Patch available
Added to CISA KEV
Apr 03, 2026 - 14:30 cisa
CISA KEV
PoC Detected
Apr 03, 2026 - 14:30 vuln.today
Public exploit code
Analysis Generated
Mar 19, 2026 - 18:30 vuln.today
CVE Published
Jul 30, 2025 - 00:15 nvd
HIGH 8.8

Tags

Buffer Overflow Apple Redhat Suse

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.

Analysis

WebKit memory corruption in Safari 18.6 and multiple Apple platforms allows remote code execution when processing maliciously crafted web content, exploited in the wild as a zero-day.

Technical Context

The CWE-119 buffer handling flaw in WebKit's content processing engine allows an attacker to corrupt heap memory through malicious HTML/JavaScript payloads. Apple addressed this with improved memory handling in the WebKit rendering pipeline.

Affected Products

['Apple Safari before 18.6', 'Apple watchOS before 11.6', 'Apple visionOS before 2.6', 'Apple iOS/iPadOS before 18.6', 'Apple macOS Sequoia before 15.6', 'Apple tvOS before 18.6']

Remediation

Update all Apple devices immediately. Organizations should enable Rapid Security Response on managed devices and consider Lockdown Mode for high-risk users.

Priority Score

114
Low Medium High Critical
KEV: +50
EPSS: +0.1
CVSS: +44
POC: +20

Vendor Status

Share

CVE-2025-31277 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy