Critical severity9.8CISA KEVNVD Advisory· Published Apr 16, 2025· Updated Apr 3, 2026
CVE-2025-31200
CVE-2025-31200
Description
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: >=15.0,<15.4.1
- (no CPE)range: < 15.4.1
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*range: <11.5
- (no CPE)range: < 11.5
- Range: < 18.4.1
Patches
Vulnerability mechanics
References
15- blog.noahhw.dev/posts/cve-2025-31200/nvdBroken LinkExploit
- github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.mdnvdExploitBroken Link
- seclists.org/fulldisclosure/2025/Apr/26nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/Jun/14nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/May/10nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/Oct/0nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/Oct/4nvdMailing ListThird Party Advisory
- support.apple.com/en-us/122282nvdRelease NotesVendor Advisory
- support.apple.com/en-us/122400nvdRelease NotesVendor Advisory
- support.apple.com/en-us/122401nvdRelease NotesVendor Advisory
- support.apple.com/en-us/122402nvdRelease NotesVendor Advisory
- support.apple.com/en-us/122722nvdRelease NotesVendor Advisory
- github.com/cisagov/vulnrichment/issues/200nvdIssue Tracking
- news.ycombinator.com/itemnvdIssue Tracking
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.