CVE-2025-31184
Published: 31 March 2025
Summary
CVE-2025-31184 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in Apple Visionos. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 21.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly enforces approved authorizations and permissions checking to prevent apps from gaining unauthorized access to local network resources.
Requires timely identification, reporting, and correction of flaws like this permissions checking vulnerability through patching to fixed versions.
Employs least privilege to restrict app access to local network only when explicitly authorized, mitigating unauthorized escalation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The permissions checking vulnerability (CWE-281) directly enables unauthorized local network access from an app, which maps to exploitation of a software vulnerability to gain privileges (T1068).
NVD Description
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network.
Deeper analysisAI
CVE-2025-31184 is a permissions checking vulnerability (CWE-281) that allows an app to gain unauthorized access to the Local Network. It affects Safari prior to version 18.4, iOS prior to 18.4, iPadOS prior to 18.4, macOS Sequoia prior to 15.4, and visionOS prior to 2.4. The issue was published on 2025-03-31 and carries a CVSS v3.1 base score of 7.8 (High), reflecting local attack vector, low complexity, no privileges required, required user interaction, unchanged scope, and high impacts on confidentiality, integrity, and availability.
A local attacker can exploit this vulnerability by tricking a user into interacting with a malicious app or content, such as through social engineering. No special privileges are needed, enabling the app to bypass intended restrictions and access Local Network resources without authorization. Successful exploitation could allow the attacker to read sensitive network data, modify network communications, or disrupt local services.
Apple security advisories detail the fix as improved permissions checking in the listed versions. Relevant updates are documented in support articles at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122378, and https://support.apple.com/en-us/122379, with additional disclosure at http://seclists.org/fulldisclosure/2025/Apr/12. Practitioners should ensure systems are updated to mitigate this issue.
Details
- CWE(s)