CVE-2025-31218

Published May 12, 2025

Last updated a month ago

CVSS medium 6.2

Overview

Description: This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.2
Impact score: 3.6
Exploitability score: 2.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-200

Hype score: Not currently trending

🟠 #macOS, Information Disclosure, #CVE-2025-31218 (Medium) https://t.co/LnWEhnBSTt
@dailycve
28 May 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF1B4AB8-2B51-4EED-BD29-C500C83FAB10",
            "versionEndExcluding": "15.5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.