cve-2025-31184
Vulnerability from cvelistv5
Published
2025-03-31 22:22
Modified
2025-04-07 18:29
Severity ?
EPSS score ?
Summary
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/122371 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122373 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122378 | Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/122379 | Vendor Advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-31184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-07T18:29:16.861062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-07T18:29:55.726Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "visionOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "18.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An app may gain unauthorized access to Local Network",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T22:22:32.148Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/122371"
},
{
"url": "https://support.apple.com/en-us/122373"
},
{
"url": "https://support.apple.com/en-us/122378"
},
{
"url": "https://support.apple.com/en-us/122379"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2025-31184",
"datePublished": "2025-03-31T22:22:32.148Z",
"dateReserved": "2025-03-27T16:13:58.311Z",
"dateUpdated": "2025-04-07T18:29:55.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-31184\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2025-03-31T23:15:28.847\",\"lastModified\":\"2025-04-15T14:20:22.750\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may gain unauthorized access to Local Network.\"},{\"lang\":\"es\",\"value\":\"Este problema se solucion\u00f3 mejorando la comprobaci\u00f3n de permisos. Este problema est\u00e1 corregido en Safari 18.4, visionOS 2.4, iOS 18.4, iPadOS 18.4 y macOS Sequoia 15.4. Una aplicaci\u00f3n podr\u00eda obtener acceso no autorizado a la red local.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-281\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4\",\"matchCriteriaId\":\"E82603D7-A630-4B9B-9C51-880667F05EC7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.4\",\"matchCriteriaId\":\"45D15738-9AE3-4CB5-8755-A67F6E09EAC5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.4\",\"matchCriteriaId\":\"0D9C73F9-FEF4-4FC1-B83D-56566AD35990\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.4\",\"matchCriteriaId\":\"6B3450F7-7B4A-46CE-A6E0-BBE6569F2EBF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.4\",\"matchCriteriaId\":\"1320B815-0457-4276-83B9-AFAFDAF17EDA\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/122371\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/122373\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/122378\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/122379\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.