CVE-2025-31251 – Apple Media File Processing Denial of Service

May 12, 2025

CVE ID : CVE-2025-31251

Published : May 12, 2025, 10:15 p.m. | 1 hour, 28 minutes ago

Description : The issue was addressed with improved input sanitization. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-31253 – Apple FaceTime Audio Muting Vulnerability

Next Article CVE-2025-31250 – Apple macOS Sequoia Information Disclosure Vulnerability

Highlights

CVE-2025-48373 – Schule Client-Side Role Hijacking Vulnerability

May 22, 2025

CVE ID : CVE-2025-48373

Published : May 22, 2025, 9:15 p.m. | 1 hour, 36 minutes ago

Description : Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk because it assumes that the value of data.role is trustworthy on the client side. Attackers can manipulate JavaScript in the browser (e.g., via browser dev tools or intercepting API responses) and set data.role to any arbitrary value (e.g., “admin”), gaining unauthorized access to restricted areas of the application.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

Forget YouTube’s ad blocker war — this Google AI Overviews clone might finally sell me on the $14/month Premium subscription

Say hello to ECMAScript 2025

Say hello to ECMAScript 2025

Ecma International approves ECMAScript 2025: What’s new?

Building Together: PRFT Colleagues Volunteer with Atlanta Habitat for Humanity

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

CVE-2025-31251 – Apple Media File Processing Denial of Service

CVE-2025-32897 – Apache Seata (incubating) Untrusted Data Deserialization Vulnerability

CVE-2025-6822 – Code-projects Inventory Management System SQL Injection Vulnerability

Critical Mattermost Flaw (CVE-2025-4981, CVSS 9.9) Allows RCE Via Path Traversal

CVE-2025-30147 – Hyperledger Besu EC Point Crafting Vulnerability

CVE-2025-3815 – WordPress SurveyJS Stored Cross-Site Scripting

CVE-2025-48146 – LupsOnline SEO Flow CSRF Stored XSS

CVE-2025-48373 – Schule Client-Side Role Hijacking Vulnerability

Top 5 Use Cases for AI Agents in the Insurance Industry

Netgear EX6200 Vulnerabilities Expose Routers to Remote Attacks & Data Theft

Prompting for the best price-performance

CVE-2025-31251 – Apple Media File Processing Denial of Service

Related Posts