Description
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a denial-of-service.
Published: 2025-04-29
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

An integer overflow flaw exists in input validation routines on Apple operating systems, allowing an attacker on the local network to trigger a denial-of-service condition. The weakness, classified as CWE-190, arises from untrusted input being processed without proper bounds checking, which can cause the system to crash or become unresponsive. The impact is limited to the affected device: it does not result in remote code execution or data exfiltration, but it denies legitimate users access to the device.

Affected Systems

Apple iOS versions older than 18.4, iPadOS versions older than 18.4 (or, on the 17 branch, older than 17.7.6), macOS Sequoia versions older than 15.4, macOS Sonoma versions older than 14.7.5, tvOS versions older than 18.4, visionOS versions older than 2.4, and watchOS versions older than 11.4 are affected.

Risk and Exploitability

The CVSS score of 6.5 rates the vulnerability as medium severity, and an EPSS score below 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting no known widespread exploitation. Because an attacker needs access to the device's local network, segmenting networks and restricting local traffic reduce the risk. Successful exploitation would crash or reboot the device, observable as a sudden loss of service.

Generated by OpenCVE AI on April 28, 2026 at 11:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest operating system updates for all Apple devices: iOS 18.4 or later; iPadOS 18.4 or later (or 17.7.6 or later on the 17 branch); macOS Sequoia 15.4 or later, or macOS Sonoma 14.7.5 or later; tvOS 18.4 or later; visionOS 2.4 or later; watchOS 11.4 or later.
  • If a device cannot be updated, isolate it on a separate VLAN or restrict local network access to prevent untrusted hosts from reaching the device.
  • Monitor the device for unexpected restarts or crashes that may indicate an attempted exploitation.


Tracking


Advisories
Source: EUVD
ID: EUVD-2025-12654
Title: An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.
History

Tue, 28 Apr 2026 12:00:00 +0000

Type: Title
Values Added: Local Network Integer Overflow Leading to Denial of Service

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.
Values Added: An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An attacker on the local network may be able to cause a denial-of-service.

Mon, 05 May 2025 20:30:00 +0000

Type: First Time appeared
Values Added:
  Apple
  Apple ipados
  Apple iphone Os
  Apple macos
  Apple tvos
  Apple visionos
  Apple watchos

Type: CPEs
Values Added:
  cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
  cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
  cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
  cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added:
  Apple
  Apple ipados
  Apple iphone Os
  Apple macos
  Apple tvos
  Apple visionos
  Apple watchos

Wed, 30 Apr 2025 16:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Tue, 29 Apr 2025 16:15:00 +0000

Type: Weaknesses
Values Added: CWE-190

Type: Metrics
Values Added:
  cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
  ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 29 Apr 2025 02:30:00 +0000

Type: Description
Values Added: An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may be able to cause a denial-of-service.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:08:32.383Z

Reserved: 2025-03-27T16:13:58.315Z

Link: CVE-2025-31203

Vulnrichment

Updated: 2025-04-29T15:17:40.504Z

NVD

Status: Modified

Published: 2025-04-29T03:15:35.133

Modified: 2026-04-02T19:19:46.937

Link: CVE-2025-31203

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T11:45:30Z

Weaknesses