Cyber Resilience

CVE-2025-31279

Critical

Published: 30 July 2025

Modified: 02 April 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (64.7th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-31279 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique System Information Discovery (T1082). The CVE ranks in the top 35.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-31279 is a permissions issue classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), enabling an app to fingerprint the user. It affects iPadOS versions prior to 17.7.9, macOS Sequoia prior to 15.6, macOS Sonoma prior to 14.7.7, and macOS Ventura prior to 13.7.7. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-07-30.

According to the CVSS vector, the vulnerability can be exploited remotely over the network with low attack complexity and requires no privileges and no user interaction, with scope unchanged. An attacker can leverage a malicious app to fingerprint the user; the vector rates the impact on confidentiality, integrity, and availability as high.

Apple advisories indicate the issue was addressed by implementing additional restrictions on permissions. Mitigation requires updating to iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7. Further details are provided in Apple support documents at https://support.apple.com/en-us/124148, https://support.apple.com/en-us/124149, https://support.apple.com/en-us/124150, and https://support.apple.com/en-us/124151, and in the Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Jul/31.

Vulnerability details

A permissions issue was addressed with additional restrictions. This issue is fixed in iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to fingerprint the user.

CWE(s)

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1082 System Information Discovery (tactic: Discovery)
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
Why these techniques?

Permissions flaw enables unauthorized access to sensitive device/user data, directly facilitating system information discovery by a malicious app.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24102 · Same product: Apple iPadOS
CVE-2026-20606 · Same product: Apple iPadOS
CVE-2025-24232 · Same product: Apple macOS
CVE-2025-24263 · Same product: Apple macOS
CVE-2025-24109 · Same product: Apple macOS
CVE-2026-28962 · Same product: Apple iPadOS
CVE-2025-43189 · Same product: Apple macOS
CVE-2025-24174 · Same product: Apple macOS
CVE-2025-43220 · Same product: Apple iPadOS
CVE-2025-30465 · Same product: Apple iPadOS

Affected Assets

apple ipados: ≤ 17.7.9
apple macos: ≤ 13.7.7 · 14.0 — 14.7.7 · 15.0 — 15.6

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Enforces approved authorizations and restrictions on app access to user data, directly addressing the permissions issue that enables fingerprinting.

prevent: Applies least privilege to apps, preventing excessive permissions that allow unauthorized user fingerprinting as exploited in this CVE.

prevent: Requires timely flaw remediation through patching to the fixed OS versions that implement additional permissions restrictions.

References