🟢 CVE-2025-31277

Memory corruption vulnerability in Apple WebKit, affecting Safari and other Apple client devices, triggered when processing maliciously crafted web content. This is a client-side vulnerability: exploitation requires a user to visit or load attacker-controlled web content, not an attack on internet-facing servers.

Risk Level: LOW_RISK
CVSS Score: 8.8
Attack Vector: NETWORK
ATT&CK Tactic: Execution
ATT&CK Technique: T1203 — Exploitation for Client Execution
Deployment Risk: VERY_LOW
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-07-29

Added to CISA KEV: 2026-03-20 (234 days after the CVE was published)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-31277 is a high-severity (CVSS 8.8) memory corruption vulnerability in Apple's WebKit engine, used by Safari and by Apple's operating systems, and it has been actively exploited in the wild [1] [2].

Exploitation and Threat Actor Usage
  • Active Exploitation: The vulnerability is confirmed to be actively exploited in the wild [3] [1].
  • Targeted Attacks: It has been identified as part of the "Darksword" iOS exploit chain, which is utilized in targeted attacks [1]. It is also listed in the CISA Known Exploited Vulnerabilities (KEV) catalog [3] [4].
Attack Method and Requirements
  • Attack Vector: The attack is remote and network-based; it does not require local access [2].
  • User Interaction: Successful exploitation requires user interaction, typically involving the victim processing malicious web content through Safari [1] [2].
  • Authentication: No authentication is required for a successful attack [2].
Impact
  • Consequences: Exploitation leads to memory corruption, which can result in arbitrary code execution [1]. This provides an attacker with high-level impacts on confidentiality, integrity, and availability of the affected device [1].
Exploit Availability
  • Status: A working exploit exists, as shown by the vulnerability's use in active exploit chains such as Darksword [1] [2]. In-the-wild use shows that attackers hold a functional exploit; it does not by itself mean that proof-of-concept code is publicly available.
Affected Products and Mitigation
  • Affected Versions: The vulnerability affects various Apple platforms, including Safari, iOS, iPadOS, macOS, tvOS, watchOS, and visionOS [1].
  • Patch Status: The issue was addressed by Apple in July 2025. Users should ensure they are running at least the following versions (or later) to be protected [1]:
      * Safari: 18.6
      * iOS/iPadOS: 18.6
      * macOS Sequoia: 15.6
      * tvOS: 18.6
      * watchOS: 11.6
      * visionOS: 2.6
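The fixed-version table above is the practical check for this CVE: every device in scope should be at or above the listed build for its platform. The script below is an added example, not code from this page or from Apple. It encodes the page's table and flags inventory rows that fall below it. The inventory rows, hostnames and the parenthesised build suffix it tolerates are constructed sample data of the kind an MDM or asset-management export would produce, and the names `FIXED_VERSIONS`, `parse_version`, `is_patched` and `unpatched_devices` are the example's own.

```python
"""Flag devices still below the builds Apple shipped for CVE-2025-31277.

Added example, not part of the original page. The fixed-version table is the
one the page lists (Apple's July 2025 releases); the inventory below is
constructed sample data standing in for an MDM or asset-management export.
"""
from __future__ import annotations

# Minimum fixed version per platform, exactly as listed on the page.
FIXED_VERSIONS: dict[str, str] = {
    "Safari": "18.6",
    "iOS": "18.6",
    "iPadOS": "18.6",
    "macOS": "15.6",      # macOS Sequoia; the page lists no other macOS line
    "tvOS": "18.6",
    "watchOS": "11.6",
    "visionOS": "2.6",
}


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '18.6.1' into (18, 6, 1) so versions compare numerically.

    Tolerates a leading 'v' and a trailing build suffix such as
    '18.6 (22G86)'. Anything else raises, so a malformed inventory row is
    noticed instead of being silently treated as patched.
    """
    core = version.strip().lstrip("v").split(" ")[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(product: str, version: str) -> bool:
    """True when `version` is at or above the fixed build for `product`.

    A product missing from the table raises rather than returning a verdict:
    the page does not say whether other OS lines received a fix, so such
    hosts must be reported as unverified, not as patched.
    """
    if product not in FIXED_VERSIONS:
        raise KeyError(f"no fixed version recorded for {product!r}")
    have = parse_version(version)
    need = parse_version(FIXED_VERSIONS[product])
    # Pad the shorter tuple with zeros so that (18, 6) == (18, 6, 0).
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have >= need


def unpatched_devices(inventory: list[dict]) -> list[dict]:
    """Return the inventory rows whose platform version is below the fix."""
    return [row for row in inventory
            if not is_patched(row["product"], row["version"])]


# Constructed sample inventory: hypothetical hostnames and versions.
SAMPLE_INVENTORY = [
    {"host": "mbp-0012",    "product": "macOS",    "version": "15.5"},
    {"host": "mbp-0013",    "product": "macOS",    "version": "15.6.1"},
    {"host": "iphone-0201", "product": "iOS",      "version": "18.5.1"},
    {"host": "iphone-0202", "product": "iOS",      "version": "18.6"},
    {"host": "ipad-0040",   "product": "iPadOS",   "version": "18.4.1"},
    {"host": "watch-0007",  "product": "watchOS",  "version": "11.6"},
    {"host": "vision-0001", "product": "visionOS", "version": "2.5"},
]

if __name__ == "__main__":
    for row in unpatched_devices(SAMPLE_INVENTORY):
        need = FIXED_VERSIONS[row["product"]]
        print(f"{row['host']}: {row['product']} {row['version']} < {need}")
```

Versions are compared as numeric tuples, so 15.6.1 counts as patched and 15.10 sorts after 15.6; a plain string comparison would get both wrong. On a single Mac, `sw_vers -productVersion` supplies the macOS value; for a fleet, feed the MDM export to `unpatched_devices` and treat any `KeyError` as a host whose platform this page's table does not cover.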

Sources

  1. CVE-2025-31277 - Exploits & Severity - Feedly

    Impact An attacker can craft malicious web content that, when processed by Safari or a vulnerable Apple OS, exploits the use-after-free condition to achieve arbitrary code execution with high confidentiality, integrity, and availability impacts. The vulnerability has been actively exploited in the w…

  2. CVE-2025-31277 Apple iOS/iPadOS Web memory corruption...

    This vulnerability is cataloged as CVE-2025-31277. You should upgrade the affected component. The advisory is shared for download at support.apple.com. This vulnerability was named CVE-2025-31277 since 03/27/2025. The exploitation appears to be easy. The attack can be initiated remotely. No form of a…

  3. CVE-2025-31277 Apple — Exploit & Vulnerability Details HIGH

    CISA Known Exploited Vulnerability (KEV). This vulnerability is actively exploited in the wild. Immediate patching is strongly recommended. Due Date: Apr 03, 2026. Affected Versions: 15.0 — 2.6. Fixed In.

  4. NVD - CVE-2025-31277

    Release Notes; Vendor Advisory. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31277. Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirement…