Critical severity9.8CISA KEVNVD Advisory· Published Apr 16, 2025· Updated Apr 3, 2026
CVE-2025-31201
CVE-2025-31201
Description
This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Affected products
5Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.mdnvdExploitBroken Link
- seclists.org/fulldisclosure/2025/Apr/26nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/Jun/14nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/Oct/0nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/Oct/3nvdMailing ListThird Party Advisory
- seclists.org/fulldisclosure/2025/Oct/4nvdMailing ListThird Party Advisory
- support.apple.com/en-us/122282nvdRelease NotesVendor Advisory
- support.apple.com/en-us/122400nvdRelease NotesVendor Advisory
- support.apple.com/en-us/122401nvdRelease NotesVendor Advisory
- support.apple.com/en-us/122402nvdRelease NotesVendor Advisory
- github.com/cisagov/vulnrichment/issues/200nvdIssue Tracking
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.