CISA KEV Alert 3/20/2026, 3:53:33 PM

CISA Adds CVE-2025-31277 to Known Exploited Vulnerabilities Catalogue

CyberSIXT Evidence Panel
Source: marked as original reporting
Primary source: cisa.gov
CISA KEV: listed in KEV
Patch: patch available

CISA has added CVE‑2025‑31277 to its Known Exploited Vulnerabilities (KEV) catalogue. The entry concerns an Apple “Multiple Products Buffer Overflow Vulnerability” that affects Safari and the web stack in iOS, iPadOS, macOS, watchOS, visionOS and tvOS. The flaw allows maliciously crafted web content to trigger memory corruption.

The vulnerability is a classic buffer overflow that can be exploited by a remote attacker who supplies specially crafted HTML, JavaScript or other web resources. Successful exploitation can lead to arbitrary code execution in the context of the vulnerable process, potentially compromising the device. The CVSS v3.1 base score is 8.8, classified as HIGH. Apple has issued patches for all affected operating system versions, and remediation guidance is available through Apple support advisories.

CISA adds a CVE to the KEV catalogue only when it has evidence of active exploitation, so the listing itself signals that this flaw is being exploited in the wild. While no ransomware campaigns have been linked to this flaw, the existence of weaponised exploits is confirmed. Agencies must address the issue by the remediation deadline of 3 April 2026.

CISA requires organisations to “apply mitigations per vendor instructions, follow applicable BOD 22‑01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” The directive applies directly to Federal Civilian Executive Branch (FCEB) agencies, but any entity running the listed Apple products should assess exposure and apply the Apple security updates without delay.
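The BOD 22-01 workflow described above (confirm the CVE is listed, read the required action, track the due date against your own asset inventory) is easy to automate against CISA's public KEV JSON feed. The script below is an added example written for this page, not CyberSIXT or CISA code. It embeds a constructed feed fragment in the shape of the real feed (the field names match the public JSON; the Apple record mirrors this alert, and the second record is an obvious placeholder with a made-up CVE ID and vendor, included only to exercise the overdue path). It also normalises the non-breaking hyphens that advisories such as this one use in "CVE‑2025‑31277", which otherwise make a copy-pasted ID fail to match the feed.

```python
import json
from datetime import date

# Constructed sample feed in the shape of CISA's public KEV JSON.
# The Apple entry mirrors the alert above; the second record is a
# placeholder (fake CVE ID and vendor) used only to show an overdue item.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-31277",
            "vendorProject": "Apple",
            "product": "Multiple Products",
            "vulnerabilityName": "Apple Multiple Products Buffer Overflow Vulnerability",
            "dateAdded": "2026-03-20",
            "requiredAction": "Apply mitigations per vendor instructions, follow applicable "
                              "BOD 22-01 guidance for cloud services, or discontinue use of "
                              "the product if mitigations are unavailable.",
            "dueDate": "2026-04-03",
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-0000-00000",          # placeholder, not a real CVE
            "vendorProject": "ExampleVendor",   # placeholder vendor
            "product": "ExampleProduct",
            "vulnerabilityName": "Placeholder entry used only to exercise the overdue path",
            "dateAdded": "2026-02-01",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2026-02-22",
            "knownRansomwareCampaignUse": "Known",
        },
    ],
})


def normalise_cve_id(raw):
    """Upper-case the ID and replace the non-breaking hyphen (U+2011), the
    plain Unicode hyphen (U+2010) and the en dash (U+2013) that advisory text
    often contains, so a copy-pasted ID matches the ASCII IDs in the feed."""
    return (raw.strip().upper()
            .replace("\u2011", "-").replace("\u2010", "-").replace("\u2013", "-"))


def load_kev(feed_text):
    """Return the list of vulnerability records from KEV-shaped JSON text."""
    return json.loads(feed_text)["vulnerabilities"]


def find_entry(entries, cve_id):
    """Return the KEV record for cve_id, or None if the CVE is not listed."""
    wanted = normalise_cve_id(cve_id)
    for entry in entries:
        if entry["cveID"].upper() == wanted:
            return entry
    return None


def remediation_status(entry, today):
    """Summarise one KEV record relative to `today` (a date or ISO string):
    days left until the BOD 22-01 due date, whether it is already overdue,
    the ransomware flag and the required action to carry into ticketing."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    due = date.fromisoformat(entry["dueDate"])
    days_left = (due - today).days
    return {
        "cve": entry["cveID"],
        "vendor": entry["vendorProject"],
        "due": entry["dueDate"],
        "days_left": days_left,
        "overdue": days_left < 0,
        "ransomware": entry["knownRansomwareCampaignUse"],
        "required_action": entry["requiredAction"],
    }


def triage(feed_text, inventory_vendors, today):
    """Keep only records whose vendor appears in the asset inventory and
    return their statuses, most urgent (smallest days_left) first."""
    entries = load_kev(feed_text)
    report = [remediation_status(e, today)
              for e in entries if e["vendorProject"] in inventory_vendors]
    return sorted(report, key=lambda r: r["days_left"])


if __name__ == "__main__":
    # `today` is pinned to the alert date so the output is reproducible.
    for row in triage(SAMPLE_KEV_FEED, {"Apple", "ExampleVendor"}, "2026-03-20"):
        flag = "OVERDUE" if row["overdue"] else f"{row['days_left']} days left"
        print(f"{row['cve']:16} {row['vendor']:14} due {row['due']}  {flag}")
```

In production, replace `SAMPLE_KEV_FEED` with the text of the live feed fetched from cisa.gov and `inventory_vendors` with the vendor set from your CMDB; the `dueDate` arithmetic is the part worth alerting on, since BOD 22-01 compliance is measured against that date rather than the patch release date.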

For full technical details, see the NVD entry for CVE‑2025‑31277 and the CISA KEV catalogue.

View CISA KEV Entry

Article by CyberSIXT