Detections
Analytics

CVE-2025-31200

critical

Description

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.

References

http://seclists.org/fulldisclosure/2025/Oct/4

http://seclists.org/fulldisclosure/2025/Oct/0

http://seclists.org/fulldisclosure/2025/May/10

http://seclists.org/fulldisclosure/2025/Jun/14

http://seclists.org/fulldisclosure/2025/Apr/26

https://thehackernews.com/2025/12/apple-issues-security-updates-after-two.html

https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-day-flaws-exploited-in-sophisticated-attacks/

https://www.bleepingcomputer.com/news/security/apple-backports-zero-day-patches-to-older-iphones-and-ipads/

https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html

https://securityaffairs.com/181394/security/apple-addressed-the-seventh-actively-exploited-zero-day.html

https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-new-actively-exploited-zero-day/

https://www.bleepingcomputer.com/news/security/apple-patches-security-flaw-exploited-in-chrome-zero-day-attacks/

https://support.apple.com/en-us/122722

https://www.helpnetsecurity.com/2025/04/17/apple-plugs-zero-days-holes-used-in-targeted-iphone-attacks-cve-2025-31200-cve-2025-31201/

https://thehackernews.com/2025/04/apple-patches-two-actively-exploited.html

https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-exploited-in-targeted-iphone-attacks/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200

https://support.apple.com/en-us/122402

https://support.apple.com/en-us/122401

https://support.apple.com/en-us/122400

https://support.apple.com/en-us/122282

https://news.ycombinator.com/item?id=44161894

https://github.com/cisagov/vulnrichment/issues/200

Details

Source: Mitre, NVD

Published: 2025-04-16

Updated: 2026-04-03

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00195