What is the severity of CVE-2025-31236?

CVE-2025-31236 has been classified as a high severity vulnerability.

How do I fix CVE-2025-31236?

To fix CVE-2025-31236, update your macOS Sequoia to version 15.5 or later.

What component is affected by CVE-2025-31236?

CVE-2025-31236 affects the afpfs component of macOS.

What types of issues does CVE-2025-31236 address?

CVE-2025-31236 addresses memory handling issues, permission restrictions, and input sanitization.

Are there any known workarounds for CVE-2025-31236?

There are no recommended workarounds for CVE-2025-31236, so updating is the best action.

Vulnerability/
CVE-2025-31236

CWE

416 415

12/5/2025

CVE-2025-31236: Use After Free

First published: Mon May 12 2025(Updated: )

afpfs. The issue was addressed with improved memory handling.

Credit: Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeKirin @Pwnrin Fudan UniversityLFY @secsys Fudan UniversityBohdan Stasiuk @bohdan_stasiuk Saagar Jha an anonymous researcher Christian Kohlschütter Michael DePlante @izobashi Trend Micro Zero Day InitiativeLucas Leong @_wmliang_ Trend Micro Zero Day InitiativeCVE-2024-8176 Paweł Płatek (Trail BitsAdam M. Sourabhkumar Mishra CVE-2025-26465 CVE-2025-26466 CertiK @CertiK wac Csaba Fitzl @theevilbit KandjiRyan Dowd @_rdowd Dave G. Kirin @Pwnrin 7feilee Eric Dorphy Twin Cities App Dev LLCNoah Gregory (wts.dev) Google V8 Security Team Andreas Jaegersberger & Ro Achterberg Nosebeard Labswac Trend Micro Zero Day InitiativeJiming Wang Jikai Ren Nan Wang @eternalsakura13 rheza @ginggilBesel Ignacio Sanmillan @ulexec Ivan Fratric Google Project ZeroJuergen Schmied Lynck GmbHJoseph Ravichandran @0xjprx MIT CSAILThomas Völkl @vollkorntomate SEEMOO TU Darmstadt Dillon Franke Google Project ZeroGuilherme Rambo Best Buddy Apps

Affected Software	Affected Version	How to fix
macOS	<15.5	15.5

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/122716 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

APPLE-122716

Frequently Asked Questions

What is the severity of CVE-2025-31236?
CVE-2025-31236 has been classified as a high severity vulnerability.
How do I fix CVE-2025-31236?
To fix CVE-2025-31236, update your macOS Sequoia to version 15.5 or later.
What component is affected by CVE-2025-31236?
CVE-2025-31236 affects the afpfs component of macOS.
What types of issues does CVE-2025-31236 address?
CVE-2025-31236 addresses memory handling issues, permission restrictions, and input sanitization.
Are there any known workarounds for CVE-2025-31236?
There are no recommended workarounds for CVE-2025-31236, so updating is the best action.

collector/apple-support
source/Apple
alias/CVE-2025-31209
alias/CVE-2025-31239
alias/CVE-2025-31233
alias/CVE-2025-31236
alias/CVE-2025-30443
alias/CVE-2025-31226
alias/CVE-2025-31232
alias/CVE-2025-31241
alias/CVE-2025-31219
alias/CVE-2024-8176
alias/CVE-2025-30440
alias/CVE-2025-31222
alias/CVE-2025-24274
alias/CVE-2025-31218
alias/CVE-2025-31256
alias/CVE-2025-24142
alias/CVE-2025-26465
alias/CVE-2025-26466
alias/CVE-2025-31234
alias/CVE-2025-31245
alias/CVE-2025-31244
alias/CVE-2025-31258
alias/CVE-2025-31249
alias/CVE-2025-31224
alias/CVE-2025-31221
alias/CVE-2025-31213
alias/CVE-2025-31247
alias/CVE-2025-31259
alias/CVE-2025-31242
alias/CVE-2025-31250
alias/CVE-2025-31220
alias/CVE-2025-24213
alias/CVE-2025-31223
alias/CVE-2025-31238
alias/CVE-2025-31215
alias/CVE-2025-31204
alias/CVE-2025-24223
alias/CVE-2025-31206
alias/CVE-2025-31217
alias/CVE-2025-31205
alias/CVE-2025-31257
agent/software-canonical-lookup
alias/CVE-2025-31240
alias/CVE-2025-31237
alias/CVE-2025-31260
alias/CVE-2025-31251
alias/CVE-2025-31235
alias/CVE-2025-24222
alias/CVE-2025-31212
alias/CVE-2025-31208
agent/weakness
agent/softwarecombine
agent/references
agent/first-publish-date
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/description
agent/type
agent/event
vendor/apple
canonical/macos