Exposures › CVE-2025-31277
Apple's iOS/macOS/tvOS stack contains a buffer overflow vulnerability actively exploited by threat actors.
This buffer overflow in Apple's Safari and OS stack allows remote code execution via malicious web content, directly impacting DIB vendors relying on Apple hardware/software for secure endpoints. The active exploitation status and lack of a disclosed patch create immediate compliance risk for organizations using Apple devices in FedRAMP environments.
Shame score — While not a zero-day, the active exploitation of a known vulnerability in widely used Apple products creates significant supply chain and endpoint security exposure for DIB organizations.
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.
No correlated FedRAMP products.