Apple iOS/iPadOS Web memory corruption

Summaryinfo

A vulnerability identified as critical has been detected in Apple iOS and iPadOS. Affected is an unknown function of the component Web Handler. This manipulation causes memory corruption. This vulnerability is tracked as CVE-2025-31257. The attack is possible to be carried out remotely. No exploit exists. You should upgrade the affected component.

Detailsinfo

A vulnerability was found in Apple iOS and iPadOS (affected version not known). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Web Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect availability. The summary by CVE is:

This issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.

It is possible to read the advisory at support.apple.com. This vulnerability is known as CVE-2025-31257 since 03/27/2025. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 06/11/2026).

The vulnerability scanner Nessus provides a plugin with the ID 236932 (Fedora 41 : webkitgtk (2025-c40948de3a)), which helps to determine the existence of the flaw in a target environment.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the databases at Tenable (236932) and CERT Bund (WID-SEC-2025-2365). Be aware that VulDB is the high quality source for vulnerability data.

Affected

• IBM MQ
• NetApp ActiveIQ Unified Manager
• IBM SPSS
• Hitachi Command Suite
• Hitachi Ops Center
• IBM TXSeries
• IBM Sterling Connect:Direct
• IBM DB2
• IBM Rational Application Developer for WebSphere Software
• Oracle Java SE
• Amazon Corretto
• IBM Java
• IBM Semeru Runtime
• IBM Tivoli Netcool/OMNIbus
• Dell NetWorker
• Open Source Camunda
• RealObjects PDFreactor
• IBM License Metric Tool
• IBM DataPower Gateway
• IBM Security Verify Access
• IBM Rational Software Architect
• IBM Cognos Analytics
• Debian Linux
• Amazon Linux 2
• IBM InfoSphere Information Server
• Open Source OpenJDK
• Red Hat Enterprise Linux
• IBM WebSphere Application Server
• Ubuntu Linux
• SUSE Linux
• Oracle Linux
• IBM Tivoli Monitoring
• IBM Integration Bus
• IBM Tivoli Network Manager
• IBM Tivoli Business Service Manager
• IBM Business Automation Workflow
• Hitachi Configuration Manager
• IBM QRadar SIEM
• IBM Rational Business Developer
• IBM Tivoli Key Lifecycle Manager
• SUSE openSUSE
• RESF Rocky Linux
• IBM App Connect Enterprise
• Xerox FreeFlow Print Server

Productinfo

Type

• Smartphone Operating System

Vendor

• Apple

Name

• iOS
• iPadOS

License

• commercial

Website

• Vendor: https://www.apple.com/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Be aware that VulDB is the high quality source for vulnerability data.

Discussion