Severity
Medium
Analysis Summary
CVE-2025-31205 CVSS:6.5
Apple Safari could allow a remote attacker to exfiltrate data cross-origin, caused by an issue in the WebKit component when visiting a specially crafted Web site.
CVE-2025-30448 CVSS:5.5
Apple visionOS could allow a local attacker to bypass security restrictions, caused by an error in the iCloud Document Sharing component. By using a specially crafted application, an attacker could turn on sharing of an iCloud folder without authentication
CVE-2025-31218 CVSS:5.5
Apple macOS Sequoia could allow a local attacker to observe the hostnames of new network connections, caused by an issue in the NetworkExtension component when using a specially crafted application.
Impact
- Information Disclosure
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-31205
CVE-2025-30448
CVE-2025-31218
Affected Vendors
- Apple
Affected Products
- Apple macOS - unspecified
- Apple iOS and iPadOS - unspecified
- Apple iPadOS - unspecified
- Apple visionOS - 2.4.0
- Apple Safari - 18.4
- Apple macOS Sequoia - 15.4
Remediation
Refer to the Apple security document for patch, upgrade, or suggested workaround information.