According to CISA, the Known Exploited Vulnerabilities Catalog lists CVE-2025-31277 as an Apple Multiple Products buffer overflow vulnerability affecting Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS and tvOS, in which processing maliciously crafted web content could lead to memory corruption. The entry lists its use in ransomware campaigns as Unknown.
Action: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Date Added is 20 March 2026 and Due Date is 3 April 2026. Additional notes provide several Apple support links and reference the NVD entry for CVE-2025-31277.