Description
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.
Published: 2025-05-12
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via application crashes
Action: Patch Now
AI Analysis

Impact

A use‑after‑free bug in Apple’s operating systems may cause an application to terminate unexpectedly when it parses a file. The flaw is triggered by improper memory reclamation and is classified as CWE‑416, which can lead to denial of service by crashing an app.

Affected Systems

The vulnerability affects Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Versions preceding iOS 18.5, iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, and watchOS 11.5 are affected.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity; the EPSS score of <1% shows a very low probability of exploitation at the time of analysis. The vulnerability is not listed in the CISA KEV catalog. Likely attack vector is local file parsing; a user or malicious file could trigger the crash by causing the corrupted memory state.

Generated by OpenCVE AI on April 28, 2026 at 11:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched OS version (iOS 18.5, iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, or watchOS 11.5).
  • If an upgrade is not yet possible, avoid opening or processing untrusted files that could trigger the bug.
  • Apply any additional vendor security updates as they become available, ensuring the latest memory‑management fixes are in place.

Generated by OpenCVE AI on April 28, 2026 at 11:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14774 A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
History

Tue, 28 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
Title Use-After-Free Leading to App Termination via File Parsing

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Fri, 22 Aug 2025 04:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

 cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}

Tue, 27 May 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Apple watchos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Apple watchos

Tue, 13 May 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
References

Subscriptions

Apple Ipados Iphone Os Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:03.495Z

Reserved: 2025-03-27T16:13:58.325Z

Link: CVE-2025-31239

cve-icon Vulnrichment

Updated: 2025-11-03T19:51:28.139Z

cve-icon NVD

Status : Modified

Published: 2025-05-12T22:15:24.267

Modified: 2026-04-02T19:19:53.087

Link: CVE-2025-31239

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T11:30:29Z

Weaknesses