Description
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted file may lead to heap corruption.
Published: 2025-07-29
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Heap Corruption
Action: Patch
AI Analysis

Impact

A memory corruption flaw in macOS triggers heap corruption when a maliciously crafted file is processed. The description does not state that arbitrary code execution is guaranteed, but the type of vulnerability (CWE‑122) could potentially be leveraged for unintended memory manipulation or execution if an attacker succeeds. The impact therefore revolves around integrity and possible control of the affected system.

Affected Systems

Apple’s macOS operating system is vulnerable on all releases prior to macOS Sequoia 15.6; the issue has been resolved in Sequoia 15.6 and later versions.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity, yet the EPSS score of less than 1% suggests a low probability of current exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely require local access to supply a specially crafted file; an attacker would need to deliver or induce the system to open such a file. No publicly available exploit is documented, and no workaround is provided.

Generated by OpenCVE AI on April 28, 2026 at 10:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update macOS to Sequoia 15.6 or later to apply the patch.
  • Minimize exposure of the system to untrusted or unknown files; use secure file handling practices to avoid opening potentially malicious documents.
  • Maintain Gatekeeper and other macOS security features that restrict unauthorized code execution as an additional safeguard.
  • Report suspicious files or behaviors to Apple Security for analysis.

Advisories
Source: EUVD
ID: EUVD-2025-23102
Title: A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted file may lead to heap corruption.

History

Tue, 28 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Title: Memory Corruption Vulnerability in macOS via Malicious File

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Thu, 31 Jul 2025 21:00:00 +0000

Type Values Removed Values Added
CPEs: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Thu, 31 Jul 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses: CWE-122
Metrics:
  cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 31 Jul 2025 10:30:00 +0000

Type Values Removed Values Added
First Time appeared: Apple; Apple macos; Apple sequoia
Vendors & Products: Apple; Apple macos; Apple sequoia

Tue, 29 Jul 2025 23:45:00 +0000

Type Values Removed Values Added
Description: A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted file may lead to heap corruption.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:10:03.631Z

Reserved: 2025-03-27T16:13:58.345Z

Link: CVE-2025-31280

Vulnrichment

Updated: 2025-11-03T19:53:03.260Z

NVD

Status: Modified

Published: 2025-07-30T00:15:31.163

Modified: 2025-11-03T20:18:25.317

Link: CVE-2025-31280

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T11:00:14Z

Weaknesses