CVE-2025-31206

CVE Database · CVE-2025-31206

CVE-2025-31206

· MEDIUMModified

CVSS v3.1

4.3

EPSS

0.90%

Published

May 12, 2025

Modified

Apr 2, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Weaknesses (CWE)

CWE-843

Affected Products (8)

apple · safari (up to 18.5)vulnerable

apple · ipados (up to 17.7.7)vulnerable

apple · ipados (up to 18.5)vulnerable

apple · iphone_os (up to 18.5)vulnerable

apple · macos (up to 15.5)vulnerable

apple · tvos (up to 18.5)vulnerable

apple · visionos (up to 2.5)vulnerable