Back to KEVs

CVE-2025-31200

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 27, 2025
Published Date
April 16, 2025
Last Updated
June 06, 2025
Vendor
Apple
Product
visionOS, iOS iOS and iPadOS, tvOS, macOS
Description
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Tags
macos ios cisa

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Score
0.22% (Percentile: 45.26%) as of 2025-05-15

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-04-17 00:00:00 UTC) Source

References

https://support.apple.com/en-us/122402 https://support.apple.com/en-us/122282 https://support.apple.com/en-us/122401 https://support.apple.com/en-us/122400

Known Exploited Vulnerability Information

Source Added Date
CISA 2025-04-17 00:00:00 UTC

Recent Mentions

Posted by josephgoyd via Fulldisclosure on Jun 09Hello Full Disclosure, This is a strategic public disclosure of a zero-click iMessage exploit chain that was discovered live on iOS 18.2 and remained unpatched through iOS 18.4. It enabled Secure Enclave key theft, wormable remote code execution, and undetectable crypto wallet exfiltration. Despite responsible disclosure, the research was suppressed by the vendor. Apple issued a silent fix in iOS 18.4.1 (April 2025) without public...

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel