Description
The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
Published: 2025-05-12
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service / Kernel Corruption
Action: Patch Immediately
AI Analysis

Impact

The vulnerability arises from a failure in input sanitization that allows an attacker to supply malformed data leading to unexpected system termination or kernel memory corruption. This flaw is a classic buffer overflow (CWE‑119) and could potentially destabilize the operating system or expose sensitive memory contents. The impact manifests as a denial of service, with the possible escalation to more severe kernel compromise if the attacker can control the corrupted memory region.

Affected Systems

Apple products are affected across several lines of their operating system fleet. iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, and visionOS 2.5 contain the vulnerable code. The bug was patched in these versions; earlier releases remain at risk. The vulnerability spans mobile, desktop, and wearable devices running the respective OS versions.

Risk and Exploitability

The CVSS score of 8.2 marks this as high severity, while the EPSS score of less than 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed large‑scale exploitation. The likely attack vector is through local or system‑level input, potentially via user‑controlled data that reaches the affected sanitization routine. Due to the absence of publicly disclosed exploits, organizations should treat this flaw as a high‑risk but low‑probability threat.

Generated by OpenCVE AI on April 28, 2026 at 01:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the patched OS versions (iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5).
  • Use Apple’s Automatic Updates or a mobile device management solution to ensure devices receive the latest security updates promptly.
  • Until updates are available, restrict or disable any privileged services or deprecated APIs that may exercise the vulnerable code paths, if feasible.

Generated by OpenCVE AI on April 28, 2026 at 01:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14776 The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
History

Tue, 28 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Improper Input Sanitization Leading to Kernel Memory Corruption in Apple Systems

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory. The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 27 May 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos

Thu, 15 May 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved input sanitization. This issue is fixed in visionOS 2.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
References

Subscriptions

Apple Ipados Iphone Os Macos Tvos Visionos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:11:37.338Z

Reserved: 2025-03-27T16:13:58.323Z

Link: CVE-2025-31234

cve-icon Vulnrichment

Updated: 2025-11-03T19:51:00.585Z

cve-icon NVD

Status : Modified

Published: 2025-05-12T22:15:23.797

Modified: 2026-04-02T19:19:52.200

Link: CVE-2025-31234

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T02:00:15Z

Weaknesses