CVE-2025-31277
Vexday Risk Score
71 (High priority)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 · EPSS 1.4% · KEV yes · Public PoC · Nuclei — · Metasploit — · Patch —
Lifecycle
29 Jul 2025: Published on NVD
20 Mar 2026: Active exploitation (CISA KEV)
27 Mar 2026: Public PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Safari and Apple devices allows attackers to corrupt memory by sending maliciously crafted web content. This can crash your browser or potentially enable further attacks on your device.
Technical detail
Buffer overflow or out-of-bounds memory access vulnerability (CWE-119) in Safari's web content processing engine. Remote attack vector via malicious web content; no user interaction beyond visiting a crafted webpage required. Successful exploitation leads to memory corruption, enabling code execution or denial of service.
Summary generated and translated by AI from the official description.
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOS
Apple · macOS
Apple · Safari
Apple · tvOS
Apple · visionOS
Apple · watchOS
Public PoCs found: 1
GitHub: github.com/stationedK-06/DarkSword_analysis (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/
http://seclists.org/fulldisclosure/2025/Aug/0
http://seclists.org/fulldisclosure/2025/Jul/30
http://seclists.org/fulldisclosure/2025/Jul/32
http://seclists.org/fulldisclosure/2025/Jul/36
https://support.apple.com/en-us/124147
https://support.apple.com/en-us/124149
https://support.apple.com/en-us/124152
https://support.apple.com/en-us/124153
https://support.apple.com/en-us/124154
https://support.apple.com/en-us/124155
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277