Back to KEVs

CVE-2025-31201

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1,...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 27, 2025
Published Date
April 16, 2025
Last Updated
April 17, 2025
Vendor
Apple
Product
visionOS, iOS iOS and iPadOS, tvOS, macOS
Description
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVSS Scores

EPSS Score

Score
0.35% (Percentile: 56.73%) as of 2025-04-29

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2025-04-17 00:00:00 UTC) Source

References

https://support.apple.com/en-us/122402 https://support.apple.com/en-us/122282 https://support.apple.com/en-us/122401 https://support.apple.com/en-us/122400

Known Exploited Vulnerability Information

Source Added Date
CISA 2025-04-17 00:00:00 UTC