CVE-2025-31277

Published Jul 30, 2025

Last updated 2 days ago

Overview

Description: The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6. Processing maliciously crafted web content may lead to memory corruption.
Source: product-security@apple.com
NVD status: Analyzed
Products: safari, ipados, iphone_os, macos, tvos, visionos, watchos

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Known exploits

Data from CISA

Vulnerability name: Apple Multiple Products Buffer Overflow Vulnerability
Exploit added on: Mar 20, 2026
Exploit action due: Apr 3, 2026
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-119

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

3

  1. TRC analysis shows the 'DarkSword' malware exploited CVE-2025-31277 to compromise over 220 million iPhones through malicious websites. Attackers used the WebKit memory corruption bug for initial code execution before escalating privileges and moving laterally across networks.

    @aviatrixtrc

    21 Mar 2026

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 ⚠️ ATTENTION ALL IPHONE/IPAD USERS ⚠️🚨 Vulnerabilities: CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520. How it works: This isn't just one bug; it's a "chain." A user visits a malicious website or opens a crafted file, and DarkSword uses these memory corrupti

    @SteveAJ777

    21 Mar 2026

    116 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Today CVE: CVE-2025-31277. Curious how quickly this started getting scanned. Apple buffer overflow across the entire ecosystem. Safari, iOS, macOS, watchOS, visionOS, iPadOS, tvOS. When one falls, they all fall.

    @EdgeDetectOps

    21 Mar 2026

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. CISA adds 5 known exploited vulnerabilities to its catalog https://t.co/EeEpj7O9GT CVE-2025-31277 Buffer overflow vulnerability in multiple Apple products CVE-2025-32432 Craft CMS code injection vulnerability

    @cybersecnews_jp

    21 Mar 2026

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. 📌 CISA added five exploited flaws to the KEV catalog, targeting Apple, Craft CMS and Laravel Livewire, and urges federal agencies to patch them before April 3, 2026. The vulnerabilities listed include: CVE-2025-31277 (CVSS 8.

    @Cybercachear

    21 Mar 2026

    108 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

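  8. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 5 vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-31277, CVE-2025-43510 and CVE-2025-43520 in multiple Apple products, CVE-2025-32432 in Craft CMS, Laravel Livewire CVE-202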

    @__kokumoto

    21 Mar 2026

    891 Impressions

    0 Retweets

    5 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  9. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-31277 #Apple Multiple Products Buffer Overflow Vulnerability https://t.co/CioN7dyL6e

    @ScyScan

    20 Mar 2026

    94 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🛡️ CVE-2025-31277: Actively Exploited Buffer Overflow in Apple Products. Technical analysis of the CVE-2025-31277 vulnerability in Apple Safari, iOS and more. High impact (CVSS 8.8), mitigation recommendations and affected products. https://t.co/AVjs6MY410 #ciberplane

    @CiberPlanetaOrg

    20 Mar 2026

    99 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🛡️ Security Alert: Buffer Overflow Vulnerability in Multiple Apple Products (CVE-2025-31277) Buffer overflow vulnerability (CWE-119) in Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS and tvOS allows memory corruption when processing

    @CiberPlanetaOrg

    20 Mar 2026

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE Alert: CVE-2025-31277 - Apple - Safari - https://t.co/Kw7wlDWmho #OSINT #ThreatIntel #CyberSecurity #cve-2025-31277 #apple #safari

    @RedPacketSec

    20 Mar 2026

    123 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 📌 Multiple threat actors exploit the "DarkSword" iOS exploit kit targeting six vulnerabilities. Multiple threat actors are actively exploiting a sophisticated iOS exploit kit known as "DarkSword", which

    @MisbarSec

    20 Mar 2026

    273 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  14. Top 5 Trending CVEs: 1 - CVE-2026-3888 2 - CVE-2025-31277 3 - CVE-2025-55182 4 - CVE-2026-20643 5 - CVE-2026-32746 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    19 Mar 2026

    155 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. Russian 🇷🇺 UNC6353 deploys "DarkSword" iOS exploit kit targeting crypto wallets and personal data via watering hole attacks. Exploits CVE-2025-31277 through CVE-2025-43520 affecting iOS 18.4-18.7 devices. #DFIR_Radar https://t.co/Bv8ESL3HzZ

    @DFIR_Radar

    19 Mar 2026

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. CVE-2025-31277 (CVSS:8.8, HIGH) is Analyzed. The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, i..https://t.co/MSB72dc3TV #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    4 Aug 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations