CVE-2025-31277
Published Jul 30, 2025
Last updated a month ago
AI description
CVE-2025-31277 is a memory corruption vulnerability found in Apple's WebKit, specifically within the JavaScriptCore component. This flaw can be triggered when processing maliciously crafted web content, which may lead to memory corruption. This vulnerability has been actively exploited as part of the "DarkSword" iOS exploit kit, which leverages multiple vulnerabilities to compromise devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31277 to its Known Exploited Vulnerabilities Catalog, indicating evidence of active exploitation.
- Description: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
- Source: product-security@apple.com
- NVD status: Analyzed
- Products: safari, ipados, iphone_os, macos, tvos, visionos, watchos
CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Apple Multiple Products Buffer Overflow Vulnerability
- Exploit added on: Mar 20, 2026
- Exploit action due: Apr 3, 2026
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-119
BREAKING: SUSE patches critical webkit2gtk3 bugs including actively exploited CVE-2025-31277 on openSUSE Leap 15.4 and SUSE Linux Enterprise, users urged to update to 2.52.0. https://t.co/9APmmTCUU5
@threatcluster
31 Mar 2026
🚨 Russian APT Star Blizzard deploys DarkSword iOS exploit kit targeting 18.4-18.7. Full-chain: CVE-2025-31277 (JSCore RCE) → CVE-2026-20700 (PAC bypass) → CVE-2025-43520 (kernel privesc). GHOSTKNIFE backdoor exfils in minutes. Update to iOS 26.3+ now. #infosec
@psyciclabs
30 Mar 2026
Top 5 Trending CVEs: 1 - CVE-2020-5902 2 - CVE-2026-33634 3 - CVE-2025-31277 4 - CVE-2026-20643 5 - CVE-2025-53521 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
29 Mar 2026
🚨 iOS Security 101: Lockdown Mode explained (perfect for DarkSword-level threats) With iOS 26.4 now out, the 6-zero-day DarkSword chain (incl. CVE-2025-31277 + CVE-2025-43520) has been publicly leaked on GitHub. Multiple actors (TA446 etc.) are actively using it. CISA added th
@seoscottsdale
28 Mar 2026
3 Apple CVEs hit the CISA KEV this week — all actively exploited: CVE-2025-31277 (memory corruption) CVE-2025-43510 (DoS) CVE-2025-43520 (buffer overflow) iOS, macOS, watchOS, visionOS affected. Update everything. Today. #Apple #AppSec
@cveriskpilot
27 Mar 2026
TRC analysis shows the leaked DarkSword framework exploits zero-click iOS vulnerabilities (CVE-2025-31277, CVE-2026-20700) to establish remote device control. Attackers pivot across apps and data repositories to exfiltrate messages, account details, and location history. #ZeroDay
@aviatrixtrc
25 Mar 2026
CISA KEV: CVE-2025-31277 — buffer overflow in Apple Safari, iOS & macOS lets malicious web content corrupt memory. All Apple devices at risk. Patch: Settings → General → Software Update. #CyberSecurity #CyberThreat #ThreatIntel #C3Security 🔗 https://t.co/Qz4M0i9Mib
@DopeDrew
25 Mar 2026
TRC analysis shows UNC6353 deployed the DarkSword exploit kit to chain iOS vulnerabilities CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520. Attackers escaped sandboxes, escalated privileges, and moved laterally across compromised devices to steal cryptocurrency wallet
@aviatrixtrc
24 Mar 2026
"DarkSword" exploit chain, live since Nov 2025, linked 6 flaws: JavaScriptCore (CVE-2025-31277, CVE-2025-43529), dyld PAC bypass (CVE-2026-20700), WebContent sandbox escape (CVE-2025-14174). #cybersecurity
@bigmacd16684
23 Mar 2026
#MSSP owners treat #KEV additions like security bulletins instead of liability notices. When #Apple devices in #RMM stack get compromised through unpatched #CVE-2025-31277, explaining to fifty clients why their data was exposed becomes a contract conversation, not a technical one
@bettermssp
23 Mar 2026
CISA added 5 exploited flaws to KEV, including Apple, Craft CMS, Laravel Livewire. Federal agencies must patch by April 3, 2026. Key: CVE-2025-31277 (Apple, CVSS 8.8). https://t.co/UOAewbcVzN
@technoholic_me
23 Mar 2026
US CISA has added vulnerabilities confirmed to be exploited (#KEV) to its catalog. (Added 3/20) 🛡️No.1548 CVE-2025-31277 Apple Multiple Products Buffer Overflow Vulnerability ==================================== ✅Overview ・Severity: High⚠️ 8.8 (CVSS Base)
@piyokango
23 Mar 2026
CISA adds five known exploited vulnerabilities to its catalog CISA Adds Five Known Exploited Vulnerabilities to Catalog #CISA (Mar 20) CVE-2025-31277 Buffer overflow vulnerability in multiple Apple products CVE-2025-32432 Craft CMS code inj
@foxbook
23 Mar 2026
TRC analysis shows the 'DarkSword' malware exploited CVE-2025-31277 to compromise over 220 million iPhones through malicious websites. Attackers used the WebKit memory corruption bug for initial code execution before escalating privileges and moving laterally across networks.
@aviatrixtrc
21 Mar 2026
🚨 ⚠️ ATTENTION ALL IPHONE/IPAD USERS ⚠️🚨 Vulnerabilities: CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520. How it works: This isn't just one bug; it's a "chain." A user visits a malicious website or opens a crafted file, and DarkSword uses these memory corrupti
@SteveAJ777
21 Mar 2026
🚨 Today CVE: CVE-2025-31277. Curious how quickly this started getting scanned. Apple buffer overflow across the entire ecosystem. Safari, iOS, macOS, watchOS, visionOS, iPadOS, tvOS. When one falls, they all fall.
@EdgeDetectOps
21 Mar 2026
CISA adds five known exploited vulnerabilities to its catalog https://t.co/EeEpj7O9GT CVE-2025-31277 Buffer overflow vulnerability in multiple Apple products CVE-2025-32432 Craft CMS code injection vulnerability
@cybersecnews_jp
21 Mar 2026
📌 CISA added five exploited flaws to the KEV catalog, targeting Apple, Craft CMS and Laravel Livewire, and urges federal agencies to patch them before April 3, 2026. The vulnerabilities listed include: CVE-2025-31277 (CVSS 8.
@Cybercachear
21 Mar 2026
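The US Cybersecurity and Infrastructure Security Agency (CISA) added five vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-31277, CVE-2025-43510 and CVE-2025-43520 in multiple Apple products, CVE-2025-32432 in Craft CMS, and Laravel Livewire's CVE-202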
@__kokumoto
21 Mar 2026
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-31277 #Apple Multiple Products Buffer Overflow Vulnerability https://t.co/CioN7dyL6e
@ScyScan
20 Mar 2026
🛡️ CVE-2025-31277: Buffer Overflow in Apple Products Actively Exploited Technical analysis of the CVE-2025-31277 vulnerability in Apple Safari, iOS and more. High impact (CVSS 8.8), mitigation recommendations and affected products. https://t.co/AVjs6MY410 #ciberplane
@CiberPlanetaOrg
20 Mar 2026
🛡️ Security Alert: Buffer Overflow Vulnerability in Multiple Apple Products (CVE-2025-31277) Buffer overflow vulnerability (CWE-119) in Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS and tvOS allows memory corruption when processing
@CiberPlanetaOrg
20 Mar 2026
CVE Alert: CVE-2025-31277 - Apple - Safari - https://t.co/Kw7wlDWmho #OSINT #ThreatIntel #CyberSecurity #cve-2025-31277 #apple #safari
@RedPacketSec
20 Mar 2026
📌 Multiple threat actors exploit the "DarkSword" iOS exploit kit targeting six vulnerabilities Multiple threat actors are actively exploiting a sophisticated iOS exploit kit known as "DarkSword", which
@MisbarSec
20 Mar 2026
Top 5 Trending CVEs: 1 - CVE-2026-3888 2 - CVE-2025-31277 3 - CVE-2025-55182 4 - CVE-2026-20643 5 - CVE-2026-32746 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
19 Mar 2026
Russian 🇷🇺 UNC6353 deploys "DarkSword" iOS exploit kit targeting crypto wallets and personal data via watering hole attacks. Exploits CVE-2025-31277 through CVE-2025-43520 affecting iOS 18.4-18.7 devices. #DFIR_Radar https://t.co/Bv8ESL3HzZ
@DFIR_Radar
19 Mar 2026
CVE-2025-31277 (CVSS:8.8, HIGH) is Analyzed. The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, i..https://t.co/MSB72dc3TV #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
4 Aug 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "969AD7A8-5CCF-4607-BBE8-E06E642A170C",
            "versionEndExcluding": "18.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8ED4015E-C707-4A91-86B3-23100E0DFA8F",
            "versionEndExcluding": "18.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BD9D42A7-DE2A-4D5A-8C7B-002A60148483",
            "versionEndExcluding": "18.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4CF17CE2-DB4B-48D1-81AF-67EF1EC7BB45",
            "versionEndExcluding": "15.6",
            "versionStartIncluding": "15.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "FBC1698A-3E9C-4055-B23A-13A3C22BD6EE",
            "versionEndExcluding": "18.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "EADBC0BD-ECAC-4E0A-B490-24649AFE5355",
            "versionEndExcluding": "2.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "35D9C2D7-6120-4631-8D0B-259641DFD85B",
            "versionEndExcluding": "11.6",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]