CVE-2025-31182
Published: 31 March 2025
Description
Adversaries may delete files left behind by the actions of their intrusion activity.
Security Summary
CVE-2025-31182 is a vulnerability involving improper handling of symlinks that allows an app to delete files for which it lacks permission. It affects Apple's operating systems prior to the following versions: iOS and iPadOS before 18.4, macOS Sequoia before 15.4, macOS Sonoma before 14.7.5, macOS Ventura before 13.7.5, tvOS before 18.4, visionOS before 2.4, and watchOS before 11.4. The issue is classified under CWE-862 (Missing Authorization) with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability.
The vulnerability can be exploited by a remote attacker with no privileges or user interaction required, typically through a malicious app that leverages flawed symlink handling to access and delete unauthorized files. Attackers can achieve arbitrary file deletion on the affected device, potentially leading to data loss, disruption of system functions, or exposure of sensitive information if critical files are targeted.
Apple's security advisories state that the issue was addressed through improved symlink handling in the specified patched versions. The relevant updates are documented in support pages such as https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, and https://support.apple.com/en-us/122376; applying these updates immediately is the recommended mitigation.
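The general bug class behind "improper handling of symlinks" in a delete path, shown as an added example that is not Apple's code and does not describe the affected component, which this page does not identify. The function names and the constructed directory layout are hypothetical: a path-string delete follows a symlinked parent directory, while a descriptor-relative delete with `O_NOFOLLOW` refuses it.

```python
import os
import tempfile

def naive_delete(base_dir, rel_path):
    # Path-string delete: the kernel follows a symlinked parent directory.
    os.remove(os.path.join(base_dir, rel_path))

def safe_delete(base_dir, rel_path):
    """Delete rel_path under base_dir, refusing symlinked directory components."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        return False
    flags = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW
    fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for comp in parts[:-1]:
            try:
                # O_NOFOLLOW makes open() fail if comp is a symlink.
                nxt = os.open(comp, flags, dir_fd=fd)
            except OSError:
                return False
            os.close(fd)
            fd = nxt
        try:
            # unlinkat() relative to the verified directory handle; a final
            # symlink is removed itself, never its target.
            os.unlink(parts[-1], dir_fd=fd)
        except OSError:
            return False
        return True
    finally:
        os.close(fd)

def demo():
    """Constructed layout: app/cache is a symlink to a directory outside app/."""
    with tempfile.TemporaryDirectory() as root:
        protected, app = os.path.join(root, "protected"), os.path.join(root, "app")
        os.mkdir(protected)
        os.makedirs(os.path.join(app, "real"))
        victim = os.path.join(protected, "keep.txt")
        own = os.path.join(app, "real", "tmp.txt")
        for path in (victim, own):
            open(path, "w").close()
        os.symlink(protected, os.path.join(app, "cache"))
        blocked = safe_delete(app, "cache/keep.txt")      # refused
        survived = os.path.exists(victim)
        removed = safe_delete(app, "real/tmp.txt") and not os.path.exists(own)
        naive_delete(app, "cache/keep.txt")               # follows the link
        return blocked, survived, removed, os.path.exists(victim)
```

Resolving each component relative to an already-opened directory handle also closes the race in which a directory is swapped for a symlink between a check and the delete.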
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables arbitrary file deletion without authorization via symlink mishandling, directly facilitating data destruction (T1485) and indicator removal through file deletion (T1070.004).