CVE-2025-31235

Published May 12, 2025

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-31235 is a double free vulnerability affecting Apple's iPadOS and macOS operating systems. Discovered by Dillon Franke working with Google Project Zero, it resides in the Audio component. The vulnerability can be triggered by an application, potentially leading to unexpected system termination. Apple has addressed this issue by improving memory management in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, and macOS Sonoma 14.7.6. Users are advised to update to these versions to mitigate the vulnerability.

Description
A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination.
Source
product-security@apple.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
4
Exploitability score
2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-415

Social media

Hype score
Not currently trending

Configurations