CVE-2025-31200: A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and...
Description
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Known Exploited
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Classification
CVE ID: CVE-2025-31200
CVSS Base Severity: HIGH
CVSS Base Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Problem Types
Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.Affected Products
Vendor: Apple
Product: visionOS, iOS iOS and iPadOS, tvOS, macOS
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.45% (probability of being exploited)
EPSS Percentile: 62.22% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-31200https://support.apple.com/en-us/122402
https://support.apple.com/en-us/122282
https://support.apple.com/en-us/122401
https://support.apple.com/en-us/122400