Severity
High
Analysis Summary
CVE-2025-31208 CVSS:7.5
The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
CVE-2025-31249 CVSS:7.1
A logic issue was addressed with improved checks. This issue is fixed in Apple macOS Sequoia 15.5. An app may be able to access sensitive user data.
CVE-2025-31232 CVSS:7.1
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A sandboxed app may be able to access sensitive user data.
CVE-2025-31225 CVSS:7.1
A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results.
CVE-2025-31224 CVSS:7.8
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass certain Privacy preferences.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-31208
CVE-2025-31249
CVE-2025-31232
CVE-2025-31225
CVE-2025-31224
Affected Vendors
- Apple
Affected Products
- Apple macOS - unspecified
- Apple tvOS - unspecified
- Apple iOS and iPadOS - unspecified
- Apple iPadOS - unspecified
Remediation
Refer to Apple's security Advisory for patch, upgrade, or suggested workaround information.