Multiple vulnerabilities in Apple tvOS
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 24 |
| CVE-ID | CVE-2025-31221 CVE-2025-31257 CVE-2025-31205 CVE-2025-31206 CVE-2025-31215 CVE-2025-31217 CVE-2025-31204 CVE-2025-24223 CVE-2025-31238 CVE-2025-31223 CVE-2025-24213 CVE-2025-31234 CVE-2025-31251 CVE-2025-31245 CVE-2025-31222 CVE-2024-8176 CVE-2025-31241 CVE-2025-31219 CVE-2025-31226 CVE-2025-31233 CVE-2025-31239 CVE-2025-31209 CVE-2025-31208 CVE-2025-31212 |
| CWE-ID | CWE-190 CWE-119 CWE-200 CWE-843 CWE-284 CWE-20 CWE-121 CWE-415 CWE-416 CWE-125 CWE-371 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
tvOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 24 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU108975
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-31221
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to integer overflow in Security. A remote attacker can trigger integer overflow and read parts of kernel memory.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory corruption
EUVDB-ID: #VU108955
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31257
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in WebKit engine. A remote attacker can trick the victim into opening a specially crafted file and perform an unexpected Safari crash.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Information disclosure
EUVDB-ID: #VU108960
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-31205
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in WebKit engine. A remote attacker can trick the victim into visiting a specially crafted website and exfiltrate data cross-origin.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Type Confusion
EUVDB-ID: #VU108953
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31206
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error within the WebKit engine. A remote attacker can trick the victim into visiting a specially crafted web page, trigger a type confusion error and crash the browser.
Install update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper access control
EUVDB-ID: #VU108952
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31215
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in WebKit. A remote attacker can trick the victim into opening a specially crafted file and perform an unexpected process crash.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper input validation
EUVDB-ID: #VU108954
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31217
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in WebKit. A remote attacker can trick the victim into opening a specially crafted website and perform an unexpected Safari crash.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU108958
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-31204
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Buffer overflow
EUVDB-ID: #VU108959
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24223
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU108957
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-31238
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU108956
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-31223
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit engine. A remote attacker can trick the victim into visiting a specially crafted webpage, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Type confusion
EUVDB-ID: #VU106881
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24213
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error. A remote attacker can trick the victim into visiting a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU108973
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-31234
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Pro Res. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Buffer overflow
EUVDB-ID: #VU108964
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31251
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing specially crafted image files in AppleJPEG. A remote attacker can trick the victim into opening a specially crafted file, trigger memory corruption and crash the application.
Install update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Improper access control
EUVDB-ID: #VU108945
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31245
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in Pro Res. A local application can cause unexpected system termination.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Improper access control
EUVDB-ID: #VU108942
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31222
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions in mDNSResponder. A local user can elevate privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Stack-based buffer overflow
EUVDB-ID: #VU105723
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-8176
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling XML content. A remote attacker can pass specially crafted XML content to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Double free
EUVDB-ID: #VU108968
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-31241
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the OS kernel. A remote attacker trigger a double free error and crash the system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Buffer overflow
EUVDB-ID: #VU108969
Risk: Critical
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]
CVE-ID: CVE-2025-31219
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing Microsoft Office files. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Improper access control
EUVDB-ID: #VU108940
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31226
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in ImageIO. A remote attacker can trick the victim into opening a specially crafted file and perform a denial-of-service.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Buffer overflow
EUVDB-ID: #VU108966
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-31233
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in CoreMedia when processing video files. A remote attacker can create a specially crafted video file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use after free
EUVDB-ID: #VU108939
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31239
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in CoreMedia. A remote attacker can trick the victim into opening a specially crafted file and perform an unexpected app termination.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU108938
Risk: Medium
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-31209
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in CoreGraphics. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Improper access control
EUVDB-ID: #VU108937
Risk: Low
CVSSv4.0: 1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31208
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in CoreAudio. A remote attacker can trick the victim into opening a specially crafted file and perform an unexpected app termination.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) State issues
EUVDB-ID: #VU108936
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-31212
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to a state management issue in Core Bluetooth. A local application can access sensitive user data.
MitigationInstall update from vendor's website.
Vulnerable software versionstvOS: 18.0 - 18.4.1
CPE2.3- cpe:2.3:o:apple:tvos:18.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:18.3:*:*:*:*:*:*:*
https://support.apple.com/en-us/122720
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
