Critical severity 9.8 · CISA KEV · NVD Advisory · Published Apr 16, 2025 · Updated Apr 3, 2026
CVE-2025-31200
Description
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.
Affected products (6)
Patches (0)
No patches discovered yet.
References (15)
- blog.noahhw.dev/posts/cve-2025-31200/ [nvd: Broken Link, Exploit]
- github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md [nvd: Exploit, Broken Link]
- seclists.org/fulldisclosure/2025/Apr/26 [nvd: Mailing List, Third Party Advisory]
- seclists.org/fulldisclosure/2025/Jun/14 [nvd: Mailing List, Third Party Advisory]
- seclists.org/fulldisclosure/2025/May/10 [nvd: Mailing List, Third Party Advisory]
- seclists.org/fulldisclosure/2025/Oct/0 [nvd: Mailing List, Third Party Advisory]
- seclists.org/fulldisclosure/2025/Oct/4 [nvd: Mailing List, Third Party Advisory]
- support.apple.com/en-us/122282 [nvd: Release Notes, Vendor Advisory]
- support.apple.com/en-us/122400 [nvd: Release Notes, Vendor Advisory]
- support.apple.com/en-us/122401 [nvd: Release Notes, Vendor Advisory]
- support.apple.com/en-us/122402 [nvd: Release Notes, Vendor Advisory]
- support.apple.com/en-us/122722 [nvd: Release Notes, Vendor Advisory]
- github.com/cisagov/vulnrichment/issues/200 [nvd: Issue Tracking]
- news.ycombinator.com/item [nvd: Issue Tracking]
- www.cisa.gov/known-exploited-vulnerabilities-catalog [nvd: US Government Resource]