{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31226", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-27T16:13:58.321Z", "datePublished": "2025-05-12T21:42:49.304Z", "dateUpdated": "2026-04-02T18:21:04.197Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing a maliciously crafted image may lead to a denial-of-service"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "17.7.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"version": "0", "status": "affected", "lessThan": "2.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"version": "0", "status": "affected", "lessThan": "11.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service."}], "references": [{"url": "https://support.apple.com/en-us/122404"}, {"url": "https://support.apple.com/en-us/122405"}, {"url": "https://support.apple.com/en-us/122716"}, {"url": "https://support.apple.com/en-us/122720"}, {"url": "https://support.apple.com/en-us/122721"}, {"url": "https://support.apple.com/en-us/122722"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:21:04.197Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-400", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-14T14:19:17.923851Z", "id": "CVE-2025-31226", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T14:20:02.678Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/12"}, {"url": "http://seclists.org/fulldisclosure/2025/May/10"}, {"url": "http://seclists.org/fulldisclosure/2025/May/7"}, {"url": "http://seclists.org/fulldisclosure/2025/May/6"}, {"url": "http://seclists.org/fulldisclosure/2025/May/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:50:35.666Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/12"}, {"url": "http://seclists.org/fulldisclosure/2025/May/10"}, {"url": "http://seclists.org/fulldisclosure/2025/May/7"}, {"url": "http://seclists.org/fulldisclosure/2025/May/6"}, {"url": "http://seclists.org/fulldisclosure/2025/May/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:50:35.666Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-31226", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-14T14:19:17.923851Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T14:19:57.550Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "0", "lessThan": "18.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iPadOS", "versions": [{"status": "affected", "version": "0", "lessThan": "17.7.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "15.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "tvOS", "versions": [{"status": "affected", "version": "0", "lessThan": "18.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "visionOS", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "watchOS", "versions": [{"status": "affected", "version": "0", "lessThan": "11.5", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122404"}, {"url": "https://support.apple.com/en-us/122405"}, {"url": "https://support.apple.com/en-us/122716"}, {"url": "https://support.apple.com/en-us/122720"}, {"url": "https://support.apple.com/en-us/122721"}, {"url": "https://support.apple.com/en-us/122722"}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing a maliciously crafted image may lead to a denial-of-service"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:21:04.197Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31226", "state": "PUBLISHED", "dateUpdated": "2026-04-02T18:21:04.197Z", "dateReserved": "2025-03-27T16:13:58.321Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-05-12T21:42:49.304Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "683ECAF8-DB29-40DB-963A-B95EA2A2AC01", "versionEndExcluding": "17.7.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "069735D6-38B4-402A-9E79-1961701C9AD3", "versionEndExcluding": "18.5", "versionStartIncluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF6AAC00-F384-4B0D-BBA9-C2AD278BF653", "versionEndExcluding": "18.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF1B4AB8-2B51-4EED-BD29-C500C83FAB10", "versionEndExcluding": "15.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "519C8A39-A24E-44B7-B1E8-6EF647FEFCA8", "versionEndExcluding": "18.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "matchCriteriaId": "047CDCCE-04BB-4D43-9831-7694992C5CC4", "versionEndExcluding": "2.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CBDEF1C-6D76-4F9D-8433-3AC16F3860F4", "versionEndExcluding": "11.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service."}, {"lang": "es", "value": "Se solucion\u00f3 un problema l\u00f3gico mejorando las comprobaciones. Este problema se solucion\u00f3 en watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 y iPadOS 18.5, macOS Sequoia 15.5 y visionOS 2.5. Procesar una imagen manipulada con fines maliciosos puede provocar una denegaci\u00f3n de servicio."}], "id": "CVE-2025-31226", "lastModified": "2026-04-02T19:19:51.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-12T22:15:23.313", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122404"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122405"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122716"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122720"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122721"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122722"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/7"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T01:46:33.380644+00:00", "value": {"mitigation_remediation": ["Upgrade the affected Apple operating systems to the specified patched releases: iOS\u00a018.5, iPadOS\u00a018.5/17.7.7, macOS\u00a0Sequoia\u00a015.5, tvOS\u00a018.5, visionOS\u00a02.5, watchOS\u00a011.5 or newer.", "If an upgrade cannot be performed immediately, restrict or sandbox the services and applications that accept image input to limit their exposure to potentially malicious data and enforce strict size and format validation.", "Continuously monitor device logs for repeated image decoding failures or crashes, and apply host\u2011based intrusion detection rules that flag anomalous spending of system resources or repeated DoS patterns."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Apple iOS 18.5 and later, iPadOS 18.5 and 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5 and later are secured against this issue. Earlier versions in each platform family are susceptible.", "description_and_impact": "A logic flaw in Apple\u2019s image processing handling can be triggered by a maliciously crafted image, causing the receiving process to crash and resulting in a denial of service. The vulnerability exploits inadequate validation checks that were improved in newer releases. By supplying the crafted image, an attacker can cause interruption of normal operation, potentially impacting availability for local or remote applications that rely on image rendering.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate severity, while an EPSS score of less than 1% shows the vulnerability is unlikely to be actively exploited. It is not listed in CISA KEV, suggesting no known widespread exploitation. The likely attack vector is the delivery of a malicious image through any interface that accepts image input, such as a web browser, email client, or media application. An attacker would need to supply the crafted image to the target device; once processed, the exposed logic error can cause a crash and a temporary denial of service."}}}}, "created": "2026-04-28T02:00:15.380459+00:00", "title": "Denial of Service Triggered by Malicious Image Processing on Apple Platforms", "updated": "2026-04-28T02:00:15.380471+00:00", "vendors": []}