Description
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network.
Published: 2025-03-31
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Local Network Access
Action: Immediate Patch
AI Analysis

Impact

This vulnerability results from improper permission checking that enables an application to access the local network without proper authorization. The flaw is classified as CWE‑281, indicating an authorization weakness. An attacker could use a malicious or misconfigured app to discover, communicate with, or manipulate devices on a local network, potentially exfiltrating data or disrupting services for that network.

Affected Systems

Affected Apple products include Safari, iOS, iPadOS, macOS, and visionOS. The remedy is available in Safari 18.4, iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, and visionOS 2.4.

Risk and Exploitability

The CVSS score of 7.8 places this issue in the high‑severity range, while the EPSS score of less than 1% indicates a low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector requires a malicious or intentionally misbehaving application that bypasses standard local‑network permission prompts, allowing it to probe or communicate with devices on the user’s local network.

Generated by OpenCVE AI on April 28, 2026 at 03:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Safari to 18.4 or later.
  • Update iOS and iPadOS to 18.4 or later.
  • Update macOS to Sequoia 15.4 or later.
  • Update visionOS to 2.4 or later.
  • If an update is unavailable, limit local‑network access for untrusted applications through Settings > Privacy > Local Network.



Advisories
Source: EUVD
ID: EUVD-2025-8887
Title: This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.

History

Tue, 28 Apr 2026 03:45:00 +0000

Type Values Removed Values Added
Title Unauthorized Local Network Access via Improper Permission Checks in Apple Safari and Operating Systems

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.
Values Added: This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network.

Mon, 03 Nov 2025 22:30:00 +0000


Tue, 15 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple visionos
CPEs cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple safari
Apple visionos

Mon, 07 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-281
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:08:41.383Z

Reserved: 2025-03-27T16:13:58.311Z

Link: CVE-2025-31184

Vulnrichment

Updated: 2025-11-03T21:16:53.091Z

NVD

Status: Modified

Published: 2025-03-31T23:15:28.847

Modified: 2026-04-02T19:19:43.367

Link: CVE-2025-31184

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T03:30:19Z

Weaknesses