CVE-2025-31258

Published May 12, 2025

Last updated 4 months ago

CVSS medium 6.5
Apple
MacOS Sequoia

Overview

Description
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
Source
product-security@apple.com
NVD status
Modified
Products
macos

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
2.5
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-284

Social media

Hype score
Not currently trending

  1. به تازگی برای macOS , آسیب پذیری با کد شناسایی CVE-2025-31258 منتشر شده است. نمره این آسیب پذیری 7.8 می باشد . برای پیشگیری و مقابله سیستم عامل macOS خود را به نسخه 14.3 به ر

    @AmirHossein_sec

    18 May 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. another 1day practice: CVE-2025-31258 (patched in macOS 15.5) Escaped macOS sandbox, but partial. https://t.co/vNs7OOZR7Z

    @minacrissDev_

    16 May 2025

    973 Impressions

    3 Retweets

    14 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  3. macOS「RemoteViewServices」にサンドボックス回避の脆弱性(CVE-2025-31258)-PoCが公開中 #セキュリティ対策Lab #セキュリティ #Security https://t.co/wM0KNi2Je7

    @securityLab_jp

    14 May 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. PoC Released: CVE-2025-31258 Sandbox Escape in macOS via RemoteViewServices https://t.co/YsyHJewEDR

    @Dinosn

    13 May 2025

    2275 Impressions

    5 Retweets

    21 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  5. another 1day practice: CVE-2025-31258 (patched in macOS 15.5) Escaped macOS sandbox, but partial. Source Code: https://t.co/wqjzyff86D Demo Video: https://t.co/1ak0ubz1Pi

    @wh1te4ever

    13 May 2025

    16904 Impressions

    36 Retweets

    171 Likes

    68 Bookmarks

    1 Reply

    1 Quote

  6. CVE-2025-31258 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. https://t.co/nW3GUWn5LA

    @CVEnew

    12 May 2025

    273 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts.CVE-2026-20681
  2. The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. A sandboxed app may be able to access sensitive user data.CVE-2026-20680
  3. A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.CVE-2026-20677
  4. Apple Multiple Buffer Overflow VulnerabilityCVE-2026-20700
  5. A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.CVE-2026-20669

References

Sources include official advisories and independent security research.