{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31263", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-27T16:13:58.338Z", "datePublished": "2025-05-29T21:34:24.023Z", "dateUpdated": "2026-04-02T18:11:28.712Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to corrupt coprocessor memory"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "15.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory."}], "references": [{"url": "https://support.apple.com/en-us/122373"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:11:28.712Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-30T14:43:11.594111Z", "id": "CVE-2025-31263", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T22:03:07.155Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-31263", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-30T14:43:11.594111Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-30T14:43:14.639Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "15.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122373"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to corrupt coprocessor memory"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:11:28.712Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31263", "state": "PUBLISHED", "dateUpdated": "2026-04-02T18:11:28.712Z", "dateReserved": "2025-03-27T16:13:58.338Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-05-29T21:34:24.023Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3BD0A90-23F1-430A-8119-E14055F7E621", "versionEndExcluding": "15.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory."}, {"lang": "es", "value": "El problema se solucion\u00f3 mejorando la gesti\u00f3n de la memoria. Este problema se solucion\u00f3 en macOS Sequoia 15.4. Una aplicaci\u00f3n podr\u00eda da\u00f1ar la memoria del coprocesador."}], "id": "CVE-2025-31263", "lastModified": "2025-06-02T15:59:55.480", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-29T22:15:22.250", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122373"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T01:32:25.750954+00:00", "value": {"mitigation_remediation": ["Upgrade macOS to Sequoia 15.4 or later, which includes the improved memory handling fix.", "Apply any available updates to third\u2011party software that may interact with coprocessor memory to ensure they respect memory bounds.", "Enable or verify that System Integrity Protection is active, and monitor system logs for unusual coprocessor activity."], "summary": {"action": "Apply patch", "impact": "Memory corruption potentially enabling arbitrary code execution"}, "threat_synthesis": {"affected_systems": "Apple\u2019s macOS operating system is affected. The issue was fixed in macOS Sequoia 15.4, so versions prior to 15.4 are at risk. The vulnerability could impact any application running on macOS that interacts with coprocessor memory. All users of affected macOS releases need to consider this.", "description_and_impact": "The vulnerability is an improper memory handling flaw that can lead to a buffer overrun. An application's misuse of memory buffers could corrupt the memory of the system coprocessor, exposing the system to instability or compromising confidentiality and integrity. The weakness reflects a classic buffer overflow (CWE\u2011119).", "risk_and_exploitability": "The CVSS score of 9.1 places this vulnerability in the critical range. Each attacker would need to exploit the flaw via a memory boundary violation, usually from inside an application, which makes it a local or privileged attacker scenario. The EPSS score is below 1%, indicating low public exploitation likelihood currently. The vulnerability is not cataloged in CISA\u2019s KEV, which means it has not yet been widely exploited in the wild. However, the high severity score suggests that attackers who discover or develop an exploit would have a powerful attack vector."}}}}, "created": "2026-04-28T01:45:18.312928+00:00", "title": "Coprocessor Memory Corruption via Improper Memory Handling", "updated": "2026-04-28T01:45:18.312939+00:00", "vendors": []}