High severity8.2NVD Advisory· Published May 12, 2025· Updated Apr 2, 2026

CVE-2025-31234

Description

The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5. An attacker may be able to cause unexpected system termination or corrupt kernel memory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2025-31234 is a memory corruption vulnerability in Apple platforms that an attacker can exploit via a maliciously crafted media file or AFP server connection to cause system termination or corrupt kernel memory.

CVE-2025-31234 is a memory corruption vulnerability affecting multiple Apple platforms. The issue stems from improper input sanitization, which allows specially crafted input to corrupt memory. On macOS, the attack vector is connecting to a malicious AFP server, while on iOS, iPadOS, tvOS, and visionOS, the vector is processing a maliciously crafted media file. [1][2][3][4]

Exploitation requires the user to either connect to a malicious AFP server (on macOS) or process a crafted media file (on other platforms). No additional authentication is needed beyond the user performing the action. The vulnerability can lead to unexpected system termination or corruption of kernel memory. [1][2]

The impact of successful exploitation ranges from denial-of-service (system termination) to more severe kernel memory corruption, which could potentially enable arbitrary code execution at the kernel level. Apple addresses the issue in iOS 18.5, iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, and visionOS 2.5. No workarounds are mentioned; upgrading to the patched versions is the recommended mitigation. [1][2][3][4]

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <18.5
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <18.5
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: <15.5
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <18.5
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <2.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/122404nvdRelease NotesVendor Advisory
support.apple.com/en-us/122716nvdRelease NotesVendor Advisory
support.apple.com/en-us/122720nvdRelease NotesVendor Advisory
support.apple.com/en-us/122721nvdRelease NotesVendor Advisory
seclists.org/fulldisclosure/2025/May/11nvd
seclists.org/fulldisclosure/2025/May/12nvd
seclists.org/fulldisclosure/2025/May/5nvd
seclists.org/fulldisclosure/2025/May/7nvd

News mentions

No linked articles in our index yet.

cvss	0.533
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000