KEVIntel
Back to KEVs
6.8
CVSS
Medium

CVE-2025-31201

PUBLISHED

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1,...

Exploited in the wild Remote No user interaction
Vendor
Apple
Product
iOS and iPadOS, macOS, tvOS, visionOS
Published
Apr 16, 2025
EPSS

Description

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

macos ios cisa nessus_scanner

CVSS scores

CVSS v3.1 6.8 Medium

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitation status

Exploited in the wild

Recorded 2025-04-17 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Apr 17, 2025

Scanner integrations

Scanner Reference Detected
Nessus https://www.tenable.com/plugins/nessus/234506 Jun 02, 2025

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Detected by Nessus