CVE-2025-31254

📊 5.4 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published Sep 15, 2025

📋 Status: Analyzed

This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.

CVSS v3.1 • 134c704f-9b21-4f2e-91b3-4a467353bcc0

🎯 Affected Products & Systems

3 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	apple	safari	< 26.0	Vulnerable	cpe:2.3:a:apple:safari::::::::
💻OS	apple	ipados	< 26.0	Vulnerable	cpe:2.3:o:apple:ipados::::::::
💻OS	apple	iphone os	< 26.0	Vulnerable	cpe:2.3:o:apple:iphone_os::::::::

📱

apple / safari

Application

Vulnerable

Version: < 26.0

CPE:

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

💻

apple / ipados

Operating System

Vulnerable

Version: < 26.0

CPE:

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

💻

apple / iphone os

Operating System

Vulnerable

Version: < 26.0

CPE:

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Metrics

5.4 MEDIUMCVSS v3.1134c704f-9b21-4f2e-91b3-4a467353bcc0

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

LOW

User Interaction:

NONE

Confidentiality:

LOW

Integrity:

LOW

Availability:

NONE

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

5.4 (MEDIUM)v3.1

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

EPSS Details

0.0% (Minimal)7.4th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Sep 15, 2025 (1 month ago)

Last Modified

Sep 17, 2025 (1 month ago)

Security Weaknesses1

CWE-863

References3

NVDgeneralgeneral