CVE-2025-31201: This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1,...
Description
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
Known Exploited
🚨 Marked as known exploited on April 17th, 2025 (2 days ago).
Classification
CVE ID: CVE-2025-31201
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.8
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Problem Types
An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.Affected Products
Vendor: Apple
Product: visionOS, iOS iOS and iPadOS, tvOS, macOS
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.5% (probability of being exploited)
EPSS Percentile: 64.62% (scored less or equal to compared to others)
EPSS Date: 2025-04-18 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-31201https://support.apple.com/en-us/122402
https://support.apple.com/en-us/122282
https://support.apple.com/en-us/122401
https://support.apple.com/en-us/122400