Description
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
Published: 2025-05-29
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption potentially enabling arbitrary code execution
Action: Apply patch
AI Analysis

Impact

The vulnerability is an improper memory handling flaw that can lead to a buffer overrun. An application's misuse of memory buffers could corrupt the memory of the system coprocessor, exposing the system to instability or compromising confidentiality and integrity. The weakness reflects a classic buffer overflow (CWE‑119).

Affected Systems

Apple’s macOS operating system is affected. The issue was fixed in macOS Sequoia 15.4, so versions prior to 15.4 are at risk. The vulnerability could impact any application running on macOS that interacts with coprocessor memory. All users of affected macOS releases need to consider this.

Risk and Exploitability

The CVSS score of 9.1 places this vulnerability in the critical range. Each attacker would need to exploit the flaw via a memory boundary violation, usually from inside an application, which makes it a local or privileged attacker scenario. The EPSS score is below 1%, indicating low public exploitation likelihood currently. The vulnerability is not cataloged in CISA’s KEV, which means it has not yet been widely exploited in the wild. However, the high severity score suggests that attackers who discover or develop an exploit would have a powerful attack vector.

Generated by OpenCVE AI on April 28, 2026 at 01:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.4 or later, which includes the improved memory handling fix.
  • Apply any available updates to third‑party software that may interact with coprocessor memory to ensure they respect memory bounds.
  • Enable or verify that System Integrity Protection is active, and monitor system logs for unusual coprocessor activity.

Generated by OpenCVE AI on April 28, 2026 at 01:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-16430 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
References
Link Providers
https://support.apple.com/en-us/122373 cve-icon cve-icon
History

Tue, 28 Apr 2026 02:00:00 +0000

Type Values Removed Values Added
Title Coprocessor Memory Corruption via Improper Memory Handling

Mon, 02 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Fri, 30 May 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 30 May 2025 22:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}

Thu, 29 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:11:28.712Z

Reserved: 2025-03-27T16:13:58.338Z

Link: CVE-2025-31263

cve-icon Vulnrichment

Updated: 2025-05-30T14:43:14.639Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-29T22:15:22.250

Modified: 2025-06-02T15:59:55.480

Link: CVE-2025-31263

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T01:45:18Z

Weaknesses