KEVIntel
CVSS 8.8 High

CVE-2025-31277

PUBLISHED


Exploited in the wild · Remote · Low complexity
Vendor: Apple
Product: Safari, iOS and iPadOS, macOS, tvOS, visionOS, watchOS
Published: Jul 29, 2025
EPSS: 0.3% · 49% pctl


Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

cisa

Weaknesses (CWE)

  • Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS scores

CVSS v3.1 8.8 High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-01 13:30:35 UTC · CISA

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA First 2026-06-01 13:30 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel