CVE-2025-31200

Published: Apr 16, 2025Modified: Apr 3, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.

Affected (6)

Products: Apple: Macos, Tvos, Visionos, Ipados, Iphone Os, Watchos

6 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	From 15.0 to 15.4.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Apple Tvos	Before 18.4.1

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apple Visionos	Before 2.4.1

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 18.4.1

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 18.4.1

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Apple Watchos	Before 11.5

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (15)

https://support.apple.com/en-us/122282

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122400

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122401

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122402

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/122722

Source: product-security@apple.com

Release NotesVendor Advisory

http://seclists.org/fulldisclosure/2025/Apr/26

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2025/Jun/14

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2025/May/10

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2025/Oct/0

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2025/Oct/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://blog.noahhw.dev/posts/cve-2025-31200/

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkExploit

https://news.ycombinator.com/item?id=44161894

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitBroken Link

https://github.com/cisagov/vulnrichment/issues/200

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Issue Tracking

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.