CVE Catalog

Actively exploited in the wild

Apple Multiple Products Buffer Overflow Vulnerability

Apple — Multiple Products · Listed in the CISA KEV since 2026-03-20. This indicates confirmed attacks in production environments.

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-31277

High · CVSS 8.8 · KEV

Exploitation Probability (EPSS)

Elevated risk
1.48%

71st percentile — higher than 71% of all known CVEs

Summary

A vulnerability in WebKit allows memory corruption when processing maliciously crafted web content. The issue was fixed by improving memory handling.

Risk Assessment

An attacker could exploit this vulnerability to execute arbitrary code in the browser context, potentially leading to device compromise or data theft.

Recommendation

Immediately update Apple systems (Safari, iOS, iPadOS, macOS, tvOS, visionOS, watchOS) to the latest versions mentioned in the CVE description.

Original NVD description (English source)

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS