CVE-2025-31233
Description
The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Processing a maliciously crafted video file can cause unexpected app termination or memory corruption on Apple devices; fixed in iOS 18.5, macOS Sequoia 15.5, and others.
Vulnerability Details
CVE-2025-31233 is a memory corruption vulnerability in Apple's media processing framework. The root cause is insufficient input sanitization when handling crafted video files. This flaw can be triggered by processing a maliciously crafted video file, leading to unexpected app termination or corruption of process memory [2][4].
Exploitation
An attacker can exploit this vulnerability by delivering a specially crafted video file to a target user. No special privileges are required beyond the user opening the file in any application that processes video content. The attack surface is broad, affecting multiple Apple platforms including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS [1][2][3][4].
Impact
Successful exploitation results in either a denial of service (app termination) or memory corruption, which could potentially be leveraged for further compromise. The CVSS v3 score of 6.3 (Medium) reflects the need for user interaction and the potential for limited impact on confidentiality, integrity, and availability.
Mitigation
Apple has addressed this issue in the following updates released on May 12, 2025: iOS 18.5, iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, and watchOS 11.5 [1][2][3][4]. Users are advised to update their devices to the latest available versions.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 6
Patches: 0
No patches discovered yet.
References (15)
- support.apple.com/en-us/122404 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/122405 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/122716 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/122717 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/122718 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/122720 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/122721 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/122722 (nvd; Release Notes, Vendor Advisory)
- seclists.org/fulldisclosure/2025/May/11 (nvd)
- seclists.org/fulldisclosure/2025/May/12 (nvd)
- seclists.org/fulldisclosure/2025/May/5 (nvd)
- seclists.org/fulldisclosure/2025/May/6 (nvd)
- seclists.org/fulldisclosure/2025/May/7 (nvd)
- seclists.org/fulldisclosure/2025/May/8 (nvd)
- seclists.org/fulldisclosure/2025/May/9 (nvd)