CVE Vulnerabilities

CVE-2025-31237

Improper Resource Shutdown or Release

Published: May 12, 2025 | Modified: May 27, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. Mounting a maliciously crafted AFP network share may lead to system termination.

Weakness

The product does not release or incorrectly releases a resource before it is made available for re-use.

Affected Software

Name Vendor Start Version End Version
Macos Apple * 13.7.6 (excluding)
Macos Apple 14.0 (including) 14.7.6 (excluding)
Macos Apple 15.0 (including) 15.5 (excluding)

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

References