Apple iPadOS vulnerabilities
1,828 known vulnerabilities affecting apple/ipados.
Total CVEs
1,828
CISA KEV
79
actively exploited
Public exploits
8
Exploited in wild
62
Severity breakdown
CRITICAL105HIGH801MEDIUM799LOW123
Vulnerabilities
Page 15 of 92
CVE-2025-31239MEDIUMCVSS 4.3fixed in 17.7.7≥ 18.0, < 18.52025-05-12
CVE-2025-31239 [MEDIUM] CWE-416 CVE-2025-31239: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.
A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to an unexpected app termination.
cvelistv5nvd
CVE-2025-24111MEDIUMCVSS 5.5fixed in 17.7.7≥ 18.0, < 18.32025-05-12
CVE-2025-24111 [MEDIUM] CWE-119 CVE-2025-24111: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to cause unexpected system termination.
cvelistv5nvd
CVE-2025-31209MEDIUMCVSS 6.3fixed in 17.7.7≥ 18.0, < 18.52025-05-12
CVE-2025-31209 [MEDIUM] CWE-125 CVE-2025-31209: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 a
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Parsing a file may lead to disclosure of user information.
cvelistv5nvd
CVE-2025-31227MEDIUMCVSS 4.6fixed in 18.52025-05-12
CVE-2025-31227 [MEDIUM] CWE-863 CVE-2025-31227: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. A
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.
nvd
CVE-2025-31205MEDIUMCVSS 6.5fixed in 18.52025-05-12
CVE-2025-31205 [MEDIUM] CWE-352 CVE-2025-31205: The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadO
The issue was addressed with improved checks. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. A malicious website may exfiltrate data cross-origin.
nvd
CVE-2025-31226MEDIUMCVSS 5.5fixed in 17.7.7≥ 18.0, < 18.52025-05-12
CVE-2025-31226 [MEDIUM] CWE-400 CVE-2025-31226: A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, i
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted image may lead to a denial-of-service.
cvelistv5nvd
CVE-2025-31210MEDIUMCVSS 6.5fixed in 17.7.7≥ 18.0, < 18.52025-05-12
CVE-2025-31210 [MEDIUM] CWE-400 CVE-2025-31210: The issue was addressed with improved UI. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17
The issue was addressed with improved UI. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing web content may lead to a denial-of-service.
cvelistv5nvd
CVE-2025-31245MEDIUMCVSS 5.5fixed in 17.7.7≥ 18.0, < 18.52025-05-12
CVE-2025-31245 [MEDIUM] CWE-400 CVE-2025-31245: The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadO
The issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5. An app may be able to cause unexpected system termination.
cvelistv5nvd
CVE-2025-31212MEDIUMCVSS 5.5fixed in 18.52025-05-12
CVE-2025-31212 [MEDIUM] CWE-284 CVE-2025-31212: This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPad
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.
nvd
CVE-2025-31217MEDIUMCVSS 6.5fixed in 17.7.7≥ 18.0, < 18.52025-05-12
CVE-2025-31217 [MEDIUM] CWE-20 CVE-2025-31217: The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5
The issue was addressed with improved input validation. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2025-31233MEDIUMCVSS 6.3fixed in 17.7.7≥ 18.0, < 18.52025-05-12
CVE-2025-31233 [MEDIUM] CWE-20 CVE-2025-31233: The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS
The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
cvelistv5nvd
CVE-2025-31251MEDIUMCVSS 5.5fixed in 17.7.7≥ 18.0, < 18.52025-05-12
CVE-2025-31251 [MEDIUM] CWE-400 CVE-2025-31251: The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS
The issue was addressed with improved input sanitization. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
cvelistv5nvd
CVE-2025-31220MEDIUMCVSS 5.5fixed in 17.7.72025-05-12
CVE-2025-31220 [MEDIUM] CWE-200 CVE-2025-31220: A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macO
A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to read sensitive location information.
cvelistv5nvd
CVE-2025-31235MEDIUMCVSS 6.5fixed in 17.7.72025-05-12
CVE-2025-31235 [MEDIUM] CWE-415 CVE-2025-31235: A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.
A double free issue was addressed with improved memory management. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to cause unexpected system termination.
cvelistv5nvd
CVE-2025-31196MEDIUMCVSS 5.5fixed in 17.7.72025-05-12
CVE-2025-31196 [MEDIUM] CWE-125 CVE-2025-31196: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.4
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
cvelistv5nvd
CVE-2025-31206MEDIUMCVSS 4.3fixed in 17.7.7≥ 18.0, < 18.52025-05-12
CVE-2025-31206 [MEDIUM] CWE-843 CVE-2025-31206: A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
cvelistv5nvd
CVE-2025-31257MEDIUMCVSS 4.7fixed in 18.52025-05-12
CVE-2025-31257 [MEDIUM] CWE-119 CVE-2025-31257: This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5
This issue was addressed with improved memory handling. This issue is fixed in Safari 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, tvOS 18.5, visionOS 2.5, watchOS 11.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
nvd
CVE-2025-31228MEDIUMCVSS 6.8fixed in 17.7.7≥ 18.0, < 18.52025-05-12
CVE-2025-31228 [MEDIUM] CWE-287 CVE-2025-31228: The issue was addressed with improved authentication. This issue is fixed in iOS 18.5 and iPadOS 18.
The issue was addressed with improved authentication. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. An attacker with physical access to a device may be able to access notes from the lock screen.
cvelistv5nvd
CVE-2025-31242MEDIUMCVSS 5.5fixed in 17.7.72025-05-12
CVE-2025-31242 [MEDIUM] CWE-200 CVE-2025-31242: A privacy issue was addressed with improved private data redaction for log entries. This issue is fi
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.3, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.
cvelistv5nvd
CVE-2025-24091MEDIUMCVSS 5.5fixed in 17.7.3≥ 18.0, < 18.32025-04-30
CVE-2025-24091 [MEDIUM] CWE-290 CVE-2025-24091: An app could impersonate system notifications. Sensitive notifications now require restricted entitl
An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.
cvelistv5nvd