CVE-2025-31257: Double Free
First published: Mon May 12 2025(Updated: )
afpfs. The issue was addressed with improved memory handling.
Credit: Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeGuilherme Rambo Best Buddy AppsApple Google Threat Analysis Group Saagar Jha Michael DePlante @izobashi Trend Micro Zero Day InitiativeLucas Leong @_wmliang_ Trend Micro Zero Day InitiativeChristian Kohlschütter CVE-2024-8176 Paweł Płatek (Trail BitsDave G. Google V8 Security Team Andreas Jaegersberger & Ro Achterberg Nosebeard Labswac Trend Micro Zero Day Initiativerheza @ginggilBesel an anonymous researcher Nan Wang @eternalsakura13 Ignacio Sanmillan @ulexec Jiming Wang Jikai Ren Ivan Fratric Google Project ZeroJuergen Schmied Lynck GmbHCertiK @CertiK wac Csaba Fitzl @theevilbit KandjiRyan Dowd @_rdowd Kirin @Pwnrin 7feilee Eric Dorphy Twin Cities App Dev LLCNoah Gregory (wts.dev) Adam M. Sourabhkumar Mishra LFY @secsys Fudan UniversityCVE-2025-26465 CVE-2025-26466 Kirin @Pwnrin Fudan UniversityBohdan Stasiuk @bohdan_stasiuk Joseph Ravichandran @0xjprx MIT CSAILThomas Völkl @vollkorntomate SEEMOO TU Darmstadt Dillon Franke Google Project ZeroDayton Pidhirney Atredis PartnersLyutoon YenKoc Dalibor Milanovic Andrew James Gonzalez YingQi Shi @Mas0nShi DBAppSecurity's WeBin labDuy Trần @khanhduytran0 Richard Hyunho Im @richeeta Andr.Ess Shehab Khan 秦若涵 崔志伟 崔宝江 Deval Jariwala
| Affected Software | Affected Version | How to fix |
|---|---|---|
| tvOS | <18.5 | 18.5 |
| macOS | <15.5 | 15.5 |
| visionOS | <2.5 | 2.5 |
| Apple iOS and iPadOS | <18.5 | 18.5 |
| Apple iOS, iPadOS, and macOS | <18.5 | 18.5 |
| Apple iOS, iPadOS, and watchOS | <11.5 | 11.5 |
| Safari | <18.5 | 18.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/122720 (Advisory)
- https://support.apple.com/en-us/122716 (Advisory)
- https://support.apple.com/en-us/122721 (Advisory)
- https://support.apple.com/en-us/122404 (Advisory)
- https://support.apple.com/en-us/122722 (Advisory)
- https://support.apple.com/en-us/122719 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2025-31251
- CVE-2025-31212
- CVE-2025-31208
- CVE-2025-31209
- CVE-2025-31239
- CVE-2025-31233
- CVE-2025-31226
- CVE-2025-31219
- CVE-2025-31241
- CVE-2024-8176
- CVE-2025-31222
- CVE-2025-31245
- CVE-2025-31234
- CVE-2025-31221
- CVE-2025-24213
- CVE-2025-31223
- CVE-2025-31238
- CVE-2025-24223
- CVE-2025-31204
- CVE-2025-31217
- CVE-2025-31215
- CVE-2025-31206
- CVE-2025-31205
- CVE-2025-31257
- CVE-2025-31246
- CVE-2025-31240
- CVE-2025-31237
- CVE-2025-31260
- CVE-2025-31235
- CVE-2025-24222
- CVE-2025-31236
- CVE-2025-30443
- CVE-2025-31232
- CVE-2025-30440
- CVE-2025-24274
- CVE-2025-31218
- CVE-2025-31256
- CVE-2025-24142
- CVE-2025-26465
- CVE-2025-26466
- CVE-2025-31244
- CVE-2025-31258
- CVE-2025-31249
- CVE-2025-31224
- CVE-2025-31213
- CVE-2025-31247
- CVE-2025-31259
- CVE-2025-31242
- CVE-2025-31250
- CVE-2025-31220
- CVE-2025-30448
- CVE-2025-31214
- CVE-2025-31225
- CVE-2025-31253
- CVE-2025-31210
- CVE-2025-31207
- CVE-2025-24225
- CVE-2025-31228
- CVE-2025-31227
- CVE-2025-31200
Frequently Asked Questions
What is the severity of CVE-2025-31257?
CVE-2025-31257 is considered a high severity vulnerability due to its potential impact on memory handling and permissions.
How do I fix CVE-2025-31257?
To fix CVE-2025-31257, update your affected Apple device to the latest version specified in the software updates.
Which versions are affected by CVE-2025-31257?
CVE-2025-31257 affects tvOS versions up to 18.5, macOS Sequoia versions up to 15.5, visionOS versions up to 2.5, and iOS and iPadOS versions up to 18.5.
What type of issues does CVE-2025-31257 address?
CVE-2025-31257 addresses issues related to memory handling, permission restrictions, and input sanitization.
Who is affected by CVE-2025-31257?
Users of Apple devices running the specified affected versions of tvOS, macOS, visionOS, iOS, iPadOS, and watchOS are impacted by CVE-2025-31257.
- collector/apple-support
- source/Apple
- alias/CVE-2025-31204
- alias/CVE-2025-31217
- alias/CVE-2025-31215
- alias/CVE-2025-31206
- alias/CVE-2025-31205
- alias/CVE-2025-31257
- agent/software-canonical-lookup
- alias/CVE-2025-31258
- alias/CVE-2025-31249
- alias/CVE-2025-31224
- alias/CVE-2025-31221
- alias/CVE-2025-31213
- alias/CVE-2025-31247
- alias/CVE-2025-31259
- alias/CVE-2025-31242
- alias/CVE-2025-31250
- alias/CVE-2025-31220
- alias/CVE-2025-24213
- alias/CVE-2025-31223
- alias/CVE-2025-31238
- alias/CVE-2025-24223
- alias/CVE-2025-31245
- alias/CVE-2025-31244
- alias/CVE-2025-31241
- alias/CVE-2025-31219
- alias/CVE-2024-8176
- alias/CVE-2025-30440
- alias/CVE-2025-31222
- alias/CVE-2025-24274
- alias/CVE-2025-31218
- alias/CVE-2025-31256
- alias/CVE-2025-24142
- alias/CVE-2025-26465
- alias/CVE-2025-26466
- alias/CVE-2025-31234
- alias/CVE-2025-31209
- alias/CVE-2025-31239
- alias/CVE-2025-31233
- alias/CVE-2025-31236
- alias/CVE-2025-30443
- alias/CVE-2025-31226
- alias/CVE-2025-31232
- alias/CVE-2025-31240
- alias/CVE-2025-31237
- alias/CVE-2025-31260
- alias/CVE-2025-31251
- alias/CVE-2025-31235
- alias/CVE-2025-24222
- alias/CVE-2025-31212
- alias/CVE-2025-31208
- alias/CVE-2025-30448
- alias/CVE-2025-31253
- alias/CVE-2025-31210
- alias/CVE-2025-31207
- alias/CVE-2025-24225
- alias/CVE-2025-31228
- alias/CVE-2025-31227
- alias/CVE-2025-31225
- alias/CVE-2025-31214
- agent/last-modified-date
- agent/weakness
- agent/source
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- alias/CVE-2025-31200
- agent/event
- agent/references
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/tvos
- canonical/macos
- canonical/visionos
- canonical/apple ios and ipados
- canonical/apple ios, ipados, and macos
- canonical/apple ios, ipados, and watchos
- canonical/safari