CVE-2025-31235
A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to cause unexpected system termination.
-
exploitation prediction scoring system. probability this vulnerability will be exploited in the wild in the next 30 days.
cvss
common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.
epss
0.0007
kev
no
cisa known exploited vulnerabilities catalog. confirmed active exploitation.
CVSS 3.1
Common Vulnerability Scoring System v3.1
6.5
/ 10
MEDIUM
exploitability
Attack Vector
Local
Attack Vector (AV:L): requires local access. attacker must have shell access or physical login.
Attack Complexity
Low
Attack Complexity (AC:L): no special conditions needed. attack can be reliably reproduced.
Privileges Required
Low
Privileges Required (PR:L): requires basic user-level access.
User Interaction
None
User Interaction (UI:N): no victim action needed. fully exploitable without user interaction.
impact
Scope
Changed
Scope (S:C): exploitation impacts resources beyond the vulnerable component.
Confidentiality
None
Confidentiality (C:N): no confidentiality impact.
Integrity
None
Integrity (I:N): no integrity impact.
Availability
High
Availability (A:H): total denial of service. attacker can fully shut down the resource.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
activity density
rdintel assessment
composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.
sign in to view full intelligence
pocs, detection rules, timeline, advisories, and more