What is the CVSS score of CVE-2025-46306?

CVE-2025-46306 has a CVSS 3.1 base score of 5.5 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of iOS are affected by CVE-2025-46306?

Organizations using The should be aware of moderate risk from CVE-2025-46306, a out-of-bounds read vulnerability rated CVSS 5.5. Exploitation could cause memory corruption or application crashes.

How to fix or mitigate CVE-2025-46306?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

iOS CVE-2025-46306

MEDIUM

Out-of-bounds Read (CWE-125)

2026-01-28 product-security@apple.com

Buffer Overflow Information Disclosure Apple iOS macOS

5.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 28, 2026 - 18:16 nvd

MEDIUM 5.5

DescriptionNVD

The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote file may disclose memory contents.

AnalysisAI

The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. [CVSS 5.5 MEDIUM]

Technical ContextAI

Classified as CWE-125 (Out-of-bounds Read). Affects Keynote. The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote file may disclose memory contents.