iPadOS
iPadOS 18.5
Official advisory37 CVEs fixed by this release.
- Release date
- 2025-05-12
- End of support
- —
- CVEs fixed
- 37
- CISA KEV
- 0
- Critical
- 0
- High
- 1
- NVD pending
- 36
CVEs fixed
| CVE | Severity | KEV | Published | Description |
|---|---|---|---|---|
|
CVE-2024-8176
[Apple libexpat] Multiple issues in libexpat, including unexpected app termination or arbitrary code execution |
HIGH 7.5 | — | [Apple libexpat] Multiple issues in libexpat, including unexpected app termination or arbitrary code execution | |
|
CVE-2025-24224
[Apple Kernel] A remote attacker may be able to cause unexpected system termination |
N/A | — | [Apple Kernel] A remote attacker may be able to cause unexpected system termination | |
|
CVE-2025-24213
[Apple WebKit] A type confusion issue could lead to memory corruption |
N/A | — | [Apple WebKit] A type confusion issue could lead to memory corruption | |
|
CVE-2025-24223
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-24225
[Apple Mail Addressing] Processing an email may lead to user interface spoofing |
N/A | — | [Apple Mail Addressing] Processing an email may lead to user interface spoofing | |
|
CVE-2025-30448
[Apple iCloud Document Sharing] An attacker may be able to turn on sharing of an iCloud folder without authentication |
N/A | — | [Apple iCloud Document Sharing] An attacker may be able to turn on sharing of an iCloud folder without authentication | |
|
CVE-2025-31204
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-31205
[Apple WebKit] A malicious website may exfiltrate data cross-origin |
N/A | — | [Apple WebKit] A malicious website may exfiltrate data cross-origin | |
|
CVE-2025-31206
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-31207
[Apple FrontBoard] An app may be able to enumerate a user's installed apps |
N/A | — | [Apple FrontBoard] An app may be able to enumerate a user's installed apps | |
|
CVE-2025-31208
[Apple CoreAudio] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreAudio] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-31209
[Apple CoreGraphics] Parsing a file may lead to disclosure of user information |
N/A | — | [Apple CoreGraphics] Parsing a file may lead to disclosure of user information | |
|
CVE-2025-31210
[Apple FaceTime] Processing web content may lead to a denial-of-service |
N/A | — | [Apple FaceTime] Processing web content may lead to a denial-of-service | |
|
CVE-2025-31212
[Apple Core Bluetooth] An app may be able to access sensitive user data |
N/A | — | [Apple Core Bluetooth] An app may be able to access sensitive user data | |
|
CVE-2025-31214
[Apple Baseband] An attacker in a privileged network position may be able to intercept network traffic |
N/A | — | [Apple Baseband] An attacker in a privileged network position may be able to intercept network traffic | |
|
CVE-2025-31215
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected process crash | |
|
CVE-2025-31216
[Apple Wi-Fi] An attacker with physical access to a device may be able to override managed Wi-Fi profiles |
N/A | — | [Apple Wi-Fi] An attacker with physical access to a device may be able to override managed Wi-Fi profiles | |
|
CVE-2025-31217
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-31219
[Apple Kernel] An attacker may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Kernel] An attacker may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-31221
[Apple Security] A remote attacker may be able to leak memory |
N/A | — | [Apple Security] A remote attacker may be able to leak memory | |
|
CVE-2025-31222
[Apple mDNSResponder] A user may be able to elevate privileges |
N/A | — | [Apple mDNSResponder] A user may be able to elevate privileges | |
|
CVE-2025-31223
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-31225
[Apple Call History] Call history from deleted apps may still appear in spotlight search results |
N/A | — | [Apple Call History] Call history from deleted apps may still appear in spotlight search results | |
|
CVE-2025-31226
[Apple ImageIO] Processing a maliciously crafted image may lead to a denial-of-service |
N/A | — | [Apple ImageIO] Processing a maliciously crafted image may lead to a denial-of-service | |
|
CVE-2025-31227
[Apple Notes] An attacker with physical access to a device may be able to access a deleted call recording |
N/A | — | [Apple Notes] An attacker with physical access to a device may be able to access a deleted call recording | |
|
CVE-2025-31228
[Apple Notes] An attacker with physical access to a device may be able to access notes from the lock screen |
N/A | — | [Apple Notes] An attacker with physical access to a device may be able to access notes from the lock screen | |
|
CVE-2025-31233
[Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple CoreMedia] Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-31234
[Apple Pro Res] An attacker may be able to cause unexpected system termination or corrupt kernel memory |
N/A | — | [Apple Pro Res] An attacker may be able to cause unexpected system termination or corrupt kernel memory | |
|
CVE-2025-31238
[Apple WebKit] Processing maliciously crafted web content may lead to memory corruption |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to memory corruption | |
|
CVE-2025-31239
[Apple CoreMedia] Parsing a file may lead to an unexpected app termination |
N/A | — | [Apple CoreMedia] Parsing a file may lead to an unexpected app termination | |
|
CVE-2025-31241
[Apple Kernel] A remote attacker may cause an unexpected app termination |
N/A | — | [Apple Kernel] A remote attacker may cause an unexpected app termination | |
|
CVE-2025-31242
[Apple StoreKit] An app may be able to access sensitive user data |
N/A | — | [Apple StoreKit] An app may be able to access sensitive user data | |
|
CVE-2025-31245
[Apple Pro Res] An app may be able to cause unexpected system termination |
N/A | — | [Apple Pro Res] An app may be able to cause unexpected system termination | |
|
CVE-2025-31251
[Apple AppleJPEG] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process… |
N/A | — | [Apple AppleJPEG] Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory | |
|
CVE-2025-31253
[Apple FaceTime] Muting the microphone during a FaceTime call may not result in audio being silenced |
N/A | — | [Apple FaceTime] Muting the microphone during a FaceTime call may not result in audio being silenced | |
|
CVE-2025-31257
[Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash |
N/A | — | [Apple WebKit] Processing maliciously crafted web content may lead to an unexpected Safari crash | |
|
CVE-2025-43374
[Apple Wi-Fi] An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory |
N/A | — | [Apple Wi-Fi] An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory |