CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Apr 3, 2026

CVE-2025-31277

High

EPSS 0.3%CISA KEV

Apple/Multiple Products

Description

Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.

EPSS — Exploit Probability

0.3%

Higher than 50.1% of all CVEs

Required Action

https://support.apple.com/en-us/124147 ; https://support.apple.com/en-us/124149 ; https://support.apple.com/en-us/124152 ; https://support.apple.com/en-us/124153 ; https://support.apple.com/en-us/124155 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31277

CVE-2025-31277

Description

EPSS — Exploit Probability

Required Action

Related Articles (6)

New “Darksword” iOS exploit used in infostealer attack on iPhones

‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

CISA orders feds to patch DarkSword iOS flaws exploited attacks

Risk Assessment

Details

Timeline

Affected Product

External Links