CVE-2025-31255

An authorization issue was addressed with improved state management. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7. An app may be able to access sensitive user data.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/125108	Release Notes Vendor Advisory
https://support.apple.com/en-us/125111	Release Notes Vendor Advisory
https://support.apple.com/en-us/125112	Release Notes Vendor Advisory
https://support.apple.com/en-us/125114	Release Notes Vendor Advisory
https://support.apple.com/en-us/125116	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Sep/49
http://seclists.org/fulldisclosure/2025/Sep/53
http://seclists.org/fulldisclosure/2025/Sep/54
http://seclists.org/fulldisclosure/2025/Sep/55
http://seclists.org/fulldisclosure/2025/Sep/57

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

04 Nov 2025, 02:15

Type	Values Removed	Values Added
References	~~{'url': 'https://support.apple.com/en-us/125110', 'tags': ['Release Notes', 'Vendor Advisory'], 'source': '[email protected]'}~~	() http://seclists.org/fulldisclosure/2025/Sep/49 - () http://seclists.org/fulldisclosure/2025/Sep/53 - () http://seclists.org/fulldisclosure/2025/Sep/54 - () http://seclists.org/fulldisclosure/2025/Sep/55 - () http://seclists.org/fulldisclosure/2025/Sep/57 -
Summary	(en) An authorization issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data.	(en) An authorization issue was addressed with improved state management. This issue is fixed in tvOS 26, watchOS 26, macOS Sonoma 14.8, iOS 26 and iPadOS 26, macOS Sequoia 15.7. An app may be able to access sensitive user data.

Information

Published : 2025-09-15 23:15

Updated : 2025-11-04 02:15

NVD link : CVE-2025-31255

Mitre link : CVE-2025-31255

CVE.ORG link : CVE-2025-31255

JSON object : View

Products Affected

apple

watchos
ipados
iphone_os
tvos
macos

CWE

CWE-285

Improper Authorization

9.8 /10