CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31185
https://notcve.org/view.php?id=CVE-2025-31185
19 May 2025 — A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication. • https://support.apple.com/en-us/122066 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2025-31262
https://notcve.org/view.php?id=CVE-2025-31262
19 May 2025 — A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An app may be able to modify protected parts of the file system. • https://support.apple.com/en-us/122066 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-31220 – Apple Security Advisory 05-12-2025-5
https://notcve.org/view.php?id=CVE-2025-31220
12 May 2025 — A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information. macOS Ventura 13.7.6 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122405 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24258 – Apple Security Advisory 05-12-2025-5
https://notcve.org/view.php?id=CVE-2025-24258
12 May 2025 — A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges. macOS Ventura 13.7.6 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122373 • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31236 – Apple Security Advisory 05-12-2025-3
https://notcve.org/view.php?id=CVE-2025-31236
12 May 2025 — An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data. macOS Sequoia 15.5 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122716 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24223 – webkitgtk: Processing maliciously crafted web content may lead to memory corruption
https://notcve.org/view.php?id=CVE-2025-24223
12 May 2025 — The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in memory corruption. • https://support.apple.com/en-us/122404 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24274 – Apple Security Advisory 05-12-2025-5
https://notcve.org/view.php?id=CVE-2025-24274
12 May 2025 — An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges. macOS Ventura 13.7.6 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122716 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-31241 – Apple Security Advisory 05-12-2025-8
https://notcve.org/view.php?id=CVE-2025-31241
12 May 2025 — A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination. macOS Ventura 13.7.6 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122404 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-31257 – webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
https://notcve.org/view.php?id=CVE-2025-31257
12 May 2025 — This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in an unexpected crash. macOS Sequoia 15.5 addresses bypass, code execution, double free, information leakage, i... • https://support.apple.com/en-us/122404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31256 – Apple Security Advisory 05-12-2025-3
https://notcve.org/view.php?id=CVE-2025-31256
12 May 2025 — The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes. macOS Sequoia 15.5 addresses bypass, code execution, double free, information leakage, integer overflow, out of bounds read, and use-after-free vulnerabilities. • https://support.apple.com/en-us/122716 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •