Threat Intelligence / CVE / CVE-2025-31277

CVE-2025-31277

CISA KEV

CVSS 8.8 (HIGH) · EPSS 0.2% · Published 2025-07-30

The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-119

Threats tracking this CVE

DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors (CVE-2026-20700, CVE-2025-43529, CVE-2025-31277) — CRITICAL

References

https://support.apple.com/en-us/124147
https://support.apple.com/en-us/124149
https://support.apple.com/en-us/124152
https://support.apple.com/en-us/124153
https://support.apple.com/en-us/124154
https://support.apple.com/en-us/124155
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/30
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/36

Full detection coverage & IOCs for threats exploiting CVE-2025-31277 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence