High severity8.8CISA KEVNVD Advisory· Published Jul 30, 2025· Updated Apr 3, 2026
CVE-2025-31277
CVE-2025-31277
Description
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18.6, visionOS 2.6, watchOS 11.6. Processing maliciously crafted web content may lead to memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
56cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <18.6
- (no CPE)range: =18.6
- Range: =18.6
- Range: =15.6
- osv-coords46 versionspkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk3&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/webkit2gtk3-soup2&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk3-soup2&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/webkit2gtk4&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/webkit2gtk4&distro=openSUSE%20Leap%2016.0pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/webkit2gtk3&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/webkit2gtk3-soup2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/webkit2gtk4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 2.52.1-150600.12.63.1+ 45 more
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.0-4.54.1
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.0-4.54.1
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.0-150400.4.137.3
- (no CPE)range: < 2.52.1-150600.12.63.1
- (no CPE)range: < 2.52.1-160000.1.1
Patches
Vulnerability mechanics
References
12- seclists.org/fulldisclosure/2025/Aug/0nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/Jul/30nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/Jul/32nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/Jul/36nvdMailing ListThird Party Advisory
- support.apple.com/en-us/124147nvdRelease NotesVendor Advisory
- support.apple.com/en-us/124149nvdRelease NotesVendor Advisory
- support.apple.com/en-us/124152nvdRelease NotesVendor Advisory
- support.apple.com/en-us/124153nvdRelease NotesVendor Advisory
- support.apple.com/en-us/124154nvdRelease NotesVendor Advisory
- support.apple.com/en-us/124155nvdRelease NotesVendor Advisory
- cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/nvdTechnical Description
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
1- The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat ActorsMandiant Threat Intelligence · Mar 18, 2026