CVE-2025-31235

Published May 12, 2025

Last updated 4 months ago

CVSS medium 6.5

Overview

Description
A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination.
Source
product-security@apple.com
NVD status
Modified
Products
ipados, macos

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
4
Exploitability score
2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-415

Social media

Hype score
Not currently trending

  1. I lightly mentioned CVE-2025-31235, a double-free I found in coreaudiod/CoreAudio, during my OffensiveCon presentation last month. It's been derestricted now, so enjoy my writeup which includes a PoC and dtrace script to help understand the vulnerability! https://t.co/IG0OcOaIWY

    @dillon_franke

    27 Jun 2025

    9163 Impressions

    35 Retweets

    166 Likes

    68 Bookmarks

    3 Replies

    0 Quotes

  2. (CVE-2025-31235)[Audio]Double Free in coreaudiod/CoreAudio Framework -> MacOS sbx escape is now open with PoC(was confirmed on MacOS Sonoma 14.7.2 and MacOS Sequoia 15.3.2) https://t.co/SyETMv7DIc https://t.co/lxXUwa3i8N Reported by Dillon Franke(@dillon_franke),working with

    @xvonfers

    25 Jun 2025

    958 Impressions

    1 Retweet

    11 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Apple Multiple Buffer Overflow VulnerabilityCVE-2026-20700
  2. A logic issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker may be able to discover a user’s deleted notes.CVE-2026-20682
  3. A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.CVE-2026-20681
  4. The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be able to access sensitive user data.CVE-2026-20680
  5. An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to access sensitive user data.CVE-2026-20678

References

Sources include official advisories and independent security research.