- Description
- This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to delete files for which it does not have permission.
- Source
- product-security@apple.com
- NVD status
- Modified
- Products
- ipados, iphone_os, macos, tvos, visionos
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-862
- Hype score
- Not currently trending
π΄ #Apple #OS Suite, Improper Symlink Handling, #CVE-2025-31182 (Critical) https://t.co/qgvSXo0vcn
@dailycve
4 Apr 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Apple fixes a critical flaw (CVE-2025-31182) that allowed unauthorized file deletion via symlink misuse. Impact: CVSS 9.8 π¨ Affected? Update now. Details π https://t.co/52hO3TNkYz #Apple #Cybersecurity #CVE202531182
@threatsbank
2 Apr 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ο£Ώ Today's April 1st. From garage geeks to tech titans: Happy Birthday, Apple Our team discovered security vulnerabilities in launchd, SMB, and Kerberos. CVE-2025-24269 CVE-2025-31182 CVE-2025-24235 CVE-2025-30444 https://t.co/8eq1et5ysq https://t.co/0H0GJJ3nol
@spr_networks
1 Apr 2025
412 Impressions
5 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-31182 File Deletion Vulnerability in Apple Operating Systems Affecting Multiple Versions https://t.co/gwR9abrirO
@VulmonFeeds
1 Apr 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
When Apple fixed CVE-2025-31182(need no app-sandbox), another vulnerability I reported was also fixed at the same time, but the vulnerability can achieve local privilege escalation, even though it is difficult to complete stable exploitation, not just deleting arbitrary files.π
@binary_fmyy
1 Apr 2025
629 Impressions
1 Retweet
10 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B3450F7-7B4A-46CE-A6E0-BBE6569F2EBF",
"versionEndExcluding": "18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990",
"versionEndExcluding": "18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "345CC17A-CCA4-4B82-A645-A5226A8DAEBB",
"versionEndExcluding": "13.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D05DCA25-A1A0-4AEA-9F31-952803114EE2",
"versionEndExcluding": "14.7.5",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C61CCC2-87D3-4A3A-837B-63C48299A7AD",
"versionEndExcluding": "18.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E82603D7-A630-4B9B-9C51-880667F05EC7",
"versionEndExcluding": "2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]