Description
The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
Published: 2025-05-12
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Memory Corruption Leading to App Termination
Action: Apply Patch
AI Analysis

Impact

A malformed video file can trigger improper input handling in Apple's media framework, causing either an unexpected application termination or corrupting process memory. The flaw arises from insufficient input validation, which may undermine memory integrity during video processing and thus disrupt software reliability. This weakness does not appear to provide a direct path to arbitrary code execution but can lead to denial‑of‑service or uncontrolled memory corruption.

Affected Systems

Apple iOS and iPadOS versions before 18.5, iPadOS 17 versions before 17.7.7, macOS Sequoia before 15.5, macOS Sonoma before 14.7.6, macOS Ventura before 13.7.6, tvOS before 18.5, visionOS before 2.5, and watchOS before 11.5. Systems running versions older than these updates are potentially vulnerable and need to be patched.

Risk and Exploitability

The CVSS score of 6.3 indicates a medium-severity flaw, and the EPSS score of < 1% suggests a low probability of exploitation in the wild. The issue is not listed in the CISA KEV catalog, indicating that it is not currently known to be actively exploited. The attack vector is inferred to be local or remote delivery of a maliciously crafted video file, as the flaw is triggered when the OS processes such a file. An attacker with access to a device that can load the file might exploit this vulnerability to crash applications or corrupt process memory.

Generated by OpenCVE AI on April 28, 2026 at 01:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest iOS, iPadOS, macOS, tvOS, visionOS, and watchOS updates that contain the fixes for the respective builds (iOS 18.5, iPadOS 18.5/17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, and watchOS 11.5).
  • Restart the device after applying updates to ensure that the new media framework components are loaded correctly.
  • Limit the execution of untrusted video content by restricting playback to trusted sources or sandboxed applications to mitigate the risk of inadvertent exploitation until a patch is applied.



Advisories
Source: EUVD
ID: EUVD-2025-14622
Title: The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

History

Tue, 28 Apr 2026 02:15:00 +0000

Type: Title
Values Added: Malformed Video File Input Sanitization Flaw Causes App Termination or Memory Corruption

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
Values Added: The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

Mon, 03 Nov 2025 20:30:00 +0000


Tue, 27 May 2025 21:45:00 +0000

Type: First Time appeared
Values Added:
  • Apple
  • Apple ipados
  • Apple iphone Os
  • Apple macos
  • Apple tvos
  • Apple visionos
  • Apple watchos

Type: CPEs
Values Added:
  • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added:
  • Apple
  • Apple ipados
  • Apple iphone Os
  • Apple macos
  • Apple tvos
  • Apple visionos
  • Apple watchos

Tue, 13 May 2025 19:15:00 +0000

Type: Weaknesses
Values Added: CWE-20

Type: Metrics
Values Added:
  • cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}
  • ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 12 May 2025 21:45:00 +0000

Type: Description
Values Added: The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:14:35.462Z

Reserved: 2025-03-27T16:13:58.323Z

Link: CVE-2025-31233

Vulnrichment

Updated: 2025-11-03T19:50:55.046Z

NVD

Status: Modified

Published: 2025-05-12T22:15:23.683

Modified: 2026-04-02T19:19:51.987

Link: CVE-2025-31233

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T02:00:15Z

Weaknesses