{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31237", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-27T16:13:58.324Z", "datePublished": "2025-05-12T21:42:55.680Z", "dateUpdated": "2026-04-02T18:23:11.197Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Mounting a maliciously crafted AFP network share may lead to system termination"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "13.7.6", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "14.7.6", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. Mounting a maliciously crafted AFP network share may lead to system termination."}], "references": [{"url": "https://support.apple.com/en-us/122716"}, {"url": "https://support.apple.com/en-us/122717"}, {"url": "https://support.apple.com/en-us/122718"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:23:11.197Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Improper Resource Shutdown or Release"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-13T20:08:16.356369Z", "id": "CVE-2025-31237", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T20:09:24.552Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/9"}, {"url": "http://seclists.org/fulldisclosure/2025/May/8"}, {"url": "http://seclists.org/fulldisclosure/2025/May/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:51:11.701Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/9"}, {"url": "http://seclists.org/fulldisclosure/2025/May/8"}, {"url": "http://seclists.org/fulldisclosure/2025/May/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:51:11.701Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-31237", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-13T20:08:16.356369Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "CWE-404 Improper Resource Shutdown or Release"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T20:09:13.246Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.7", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122716"}, {"url": "https://support.apple.com/en-us/122717"}, {"url": "https://support.apple.com/en-us/122718"}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Mounting a maliciously crafted AFP network share may lead to system termination"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-05-12T21:42:55.680Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31237", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:51:11.701Z", "dateReserved": "2025-03-27T16:13:58.324Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-05-12T21:42:55.680Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A90AA958-60F3-474C-B351-0F143B498B3E", "versionEndExcluding": "13.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EE6D3FD-8A49-48CF-80A3-0FFC6BA80B99", "versionEndExcluding": "14.7.6", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7416C76-07EC-4132-A509-E3F62B002CCA", "versionEndExcluding": "15.5", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. Mounting a maliciously crafted AFP network share may lead to system termination."}, {"lang": "es", "value": "Este problema se solucion\u00f3 mejorando las comprobaciones. Este problema se solucion\u00f3 en macOS Ventura 13.7.6, macOS Sequoia 15.5 y macOS Sonoma 14.7.6. Montar un recurso compartido de red AFP manipulado con fines maliciosos puede provocar la interrupci\u00f3n del sistema."}], "id": "CVE-2025-31237", "lastModified": "2026-04-02T19:19:52.717", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-12T22:15:24.090", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122716"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122717"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122718"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/9"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T01:43:02.994757+00:00", "value": {"mitigation_remediation": ["Update the macOS operating system to at least macOS Sequoia\u202f15.5, macOS\u202fSonoma\u202f14.7.6, or macOS\u202fVentura\u202f13.7.6, which contain the applied checks that prevent the crash.", "Disable or restrict Apple Filing Protocol shares on systems that cannot be patched immediately to reduce exposure.", "Monitor system logs for AFP\u2011related errors or abnormal termination events and verify that the crash does not recur."], "summary": {"action": "Patch Immediately", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Apple macOS platforms are affected. The issue is fixed in macOS Sequoia\u202f15.5, macOS\u202fSonoma\u202f14.7.6, and macOS\u202fVentura\u202f13.7.6. Prior versions lacking these updates remain vulnerable.", "description_and_impact": "Mounting a maliciously crafted AFP network share can cause the system to terminate, effectively denying service to legitimate users. The weakness is classified as CWE\u2011404, indicating improper resource shutdown or release, which allows the attacker to induce a crash by manipulating the file\u2011system protocol handling. The impact is local to the affected machine but can disrupt multiple users if the device hosts critical services.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a high severity vulnerability. However, the EPSS score of less than 1% suggests exploitation is unlikely in the near term, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a network attacker mounting a malicious AFP share; the attacker would need network access to the target and the ability to craft a problematic share. Overall risk is high for exposed devices but low probability of current exploitation."}}}}, "created": "2026-04-28T01:45:18.318383+00:00", "title": "System Termination via Malicious AFP Share", "updated": "2026-04-28T01:45:18.318396+00:00", "vendors": []}