CVE-2025-31184

CVE Database · CVE-2025-31184

CVE-2025-31184

· HIGHModified

CVSS v3.1

7.8

EPSS

0.23%

Published

Mar 31, 2025

Modified

Apr 2, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-281

Affected Products (5)

apple · visionos (up to 2.4)vulnerable

apple · safari (up to 18.4)vulnerable

apple · iphone_os (up to 18.4)vulnerable

apple · ipados (up to 18.4)vulnerable

apple · macos (up to 15.4)vulnerable

References (8)

https://support.apple.com/en-us/122371

Vendor Advisory

https://support.apple.com/en-us/122373

Vendor Advisory

https://support.apple.com/en-us/122378

Vendor Advisory

https://support.apple.com/en-us/122379

Vendor Advisory

http://seclists.org/fulldisclosure/2025/Apr/12

http://seclists.org/fulldisclosure/2025/Apr/2

http://seclists.org/fulldisclosure/2025/Apr/4

http://seclists.org/fulldisclosure/2025/Apr/8

KEV Catalog EPSS Scores Vendors All CVEs