CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-31220
https://notcve.org/view.php?id=CVE-2025-31220
12 May 2025 — A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information. • https://support.apple.com/en-us/122405 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24258
https://notcve.org/view.php?id=CVE-2025-24258
12 May 2025 — A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges. • https://support.apple.com/en-us/122373 • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31236
https://notcve.org/view.php?id=CVE-2025-31236
12 May 2025 — An information disclosure issue was addressed with improved privacy controls. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user data. • https://support.apple.com/en-us/122716 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24223 – webkitgtk: Processing maliciously crafted web content may lead to memory corruption
https://notcve.org/view.php?id=CVE-2025-24223
12 May 2025 — The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption. A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory handling and result in memory corruption. • https://support.apple.com/en-us/122404 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24274
https://notcve.org/view.php?id=CVE-2025-24274
12 May 2025 — An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges. • https://support.apple.com/en-us/122716 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-31241
https://notcve.org/view.php?id=CVE-2025-31241
12 May 2025 — A double free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A remote attacker may cause an unexpected app termination. • https://support.apple.com/en-us/122404 • CWE-415: Double Free •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-31257
https://notcve.org/view.php?id=CVE-2025-31257
12 May 2025 — This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. • https://support.apple.com/en-us/122404 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31256
https://notcve.org/view.php?id=CVE-2025-31256
12 May 2025 — The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes. • https://support.apple.com/en-us/122716 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24111
https://notcve.org/view.php?id=CVE-2025-24111
12 May 2025 — A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.3, visionOS 2.3, iPadOS 17.7.7, watchOS 11.3, macOS Sonoma 14.7.5, iOS 18.3 and iPadOS 18.3, tvOS 18.3, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination. • https://support.apple.com/en-us/122066 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-31217
https://notcve.org/view.php?id=CVE-2025-31217
12 May 2025 — The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. • https://support.apple.com/en-us/122404 • CWE-20: Improper Input Validation •