CVE-2025-31200

7.5

CVSS
High

PUBLISHED

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1,...

Exploited in the wild Remote

Vendor: Apple
Product: iOS and iPadOS, macOS, tvOS, visionOS, watchOS
Published: Apr 16, 2025
EPSS: —

Description

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.

macos ios cisa nessus_scanner

CVSS scores

CVSS v3.1 7.5 High

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-04-17 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Apr 17, 2025

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/234506	Jun 02, 2025

Vulnerability detail