{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-46306", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-22T21:13:49.960Z", "datePublished": "2026-01-28T17:26:19.751Z", "dateUpdated": "2026-04-02T18:24:08.892Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing a maliciously crafted Keynote file may disclose memory contents"}]}], "affected": [{"vendor": "Apple", "product": "Keynote", "versions": [{"version": "0", "status": "affected", "lessThan": "15.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents."}], "references": [{"url": "https://support.apple.com/en-us/125108"}, {"url": "https://support.apple.com/en-us/125110"}, {"url": "https://support.apple.com/en-us/126254"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:24:08.892Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "CWE-125 Out-of-bounds Read"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-29T16:04:29.926674Z", "id": "CVE-2025-46306", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T16:41:52.396Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-46306", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-29T16:04:29.926674Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-29T16:04:39.151Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "Keynote", "versions": [{"status": "affected", "version": "0", "lessThan": "15.1", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "0", "lessThan": "26", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "26", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125108"}, {"url": "https://support.apple.com/en-us/125110"}, {"url": "https://support.apple.com/en-us/126254"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing a maliciously crafted Keynote file may disclose memory contents"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T15:20:36.829Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46306", "state": "PUBLISHED", "dateUpdated": "2026-03-25T15:20:36.829Z", "dateReserved": "2025-04-22T21:13:49.960Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-01-28T17:26:19.751Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:keynote:*:*:*:*:*:*:*:*", "matchCriteriaId": "D682F73E-4A79-4BE5-AC6C-51C497A3BFE9", "versionEndExcluding": "15.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4221CFD-0208-42B8-AACA-1BE6AEC3BA9A", "versionEndExcluding": "26.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "68DCA17A-424E-4EE3-B005-0F2E42407226", "versionEndExcluding": "26.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "39AFEC84-CF6E-4859-8B5A-C5CF3F838A94", "versionEndExcluding": "26.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved bounds checks. This issue is fixed in Keynote 15.1, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing a maliciously crafted Keynote file may disclose memory contents."}, {"lang": "es", "value": "El problema se solucion\u00f3 mejorando las comprobaciones de los l\u00edmites. Este problema se corrige en macOS Tahoe 26, Keynote 15.1, iOS 26 y iPadOS 26. Procesar un archivo de Keynote creado maliciosamente podr\u00eda revelar el contenido de la memoria."}], "id": "CVE-2025-46306", "lastModified": "2026-03-25T16:16:07.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-28T18:16:49.213", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125108"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125110"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/126254"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T20:06:05.019470+00:00", "value": {"mitigation_remediation": ["Update Keynote to version 15.1 or later and install the latest iOS, iPadOS, and macOS software updates (including versions 26 and Tahoe\u202f26) to apply the bounds\u2011check fix.", "Avoid opening or executing Keynote files from untrusted or unknown sources until the updates are installed.", "Configure macOS Gatekeeper or iOS app\u2011store security settings to enforce stricter document handling policies, reducing the chance that a malicious file is processed."], "summary": {"action": "Patch", "impact": "Memory Disclosure"}, "threat_synthesis": {"affected_systems": "Affected products include Apple Keynote version 15 and earlier, iOS and iPadOS versions prior to 26, and macOS earlier than Tahoe 26. Apple has documented the issue for all four products and released fixes in the latest updates for each platform.", "description_and_impact": "The vulnerability is a bounds check failure in Apple\u2019s Keynote, iOS, iPadOS, and macOS that occurs when processing specially crafted Keynote files. It can let an attacker read arbitrary memory contents from the process handling the file, potentially exposing sensitive data such as credentials or personal information. The flaw corresponds to CWE\u2011125, an out\u2011of\u2011bounds read.", "risk_and_exploitability": "The CVSS score of 5.5 indicates moderate risk, and the EPSS score of less than 1% suggests that exploitation is not widespread. The flaw is not listed in the CISA KEV catalog, implying that no known campaigns target it. An attacker would need to deliver a malicious Keynote file\u2014likely from an untrusted source\u2014to trigger the memory disclosure. Because the vulnerability affects confidentiality only, the overall impact is limited to potential data leakage."}}}}, "created": "2026-01-29T09:09:28.497606+00:00", "title": "Bounds Check Failure in Keynote Allows Memory Disclosure", "updated": "2026-04-22T20:15:20.528552+00:00", "vendors": ["apple", "apple$PRODUCT$ios", "apple$PRODUCT$ipad_os", "apple$PRODUCT$keynote", "apple$PRODUCT$macos", "apple$PRODUCT$macos_tahoe"]}