Description
A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may cause an unexpected app termination.
Published: 2025-05-12
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (app termination)
Action: Apply Updates
AI Analysis

Impact

The flaw is a double free error in Apple’s operating systems that can be triggered by a remote attacker, causing an unexpected application termination. The vulnerability stems from improper memory deallocation where a free operation is performed twice, leading to corrupted internal memory structures. While it does not allow code execution or data theft, the denial of service can degrade user experience and affect application stability.

Affected Systems

Apple product families including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are affected. Versions iOS 18.5, iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, and watchOS 11.5 contain the unpatched bug.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, a remote attacker could potentially trigger the vulnerability by interacting with a vulnerable application over a remote channel, leading to application crashes. The overall risk is moderate but mitigable through patching.

Generated by OpenCVE AI on April 28, 2026 at 11:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all Apple devices to the latest releases that contain the memory‑management fix, including iOS 18.5, iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, and watchOS 11.5.
  • Automate or schedule the operating system update process to ensure all devices receive the security fix promptly and perform a reboot to complete the installation.
  • If devices cannot be updated immediately, restrict execution of the affected applications to trusted user accounts and monitor for unexpected crashes to minimize service disruption.

Generated by OpenCVE AI on April 28, 2026 at 11:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14399 A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.
History

Tue, 28 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
Title Remote Application Termination via Double Free in Apple OS

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination. A double free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. A remote attacker may cause an unexpected app termination.

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Thu, 14 Aug 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 May 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Apple watchos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Apple watchos

Tue, 13 May 2025 16:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-415
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination.
References

Subscriptions

Apple Ipados Iphone Os Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:25:43.157Z

Reserved: 2025-03-27T16:13:58.325Z

Link: CVE-2025-31241

cve-icon Vulnrichment

Updated: 2025-11-03T19:51:41.940Z

cve-icon NVD

Status : Modified

Published: 2025-05-12T22:15:24.460

Modified: 2026-04-02T19:19:53.477

Link: CVE-2025-31241

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T11:30:29Z

Weaknesses