CVE-2025-31200

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122282	Release Notes Vendor Advisory
https://support.apple.com/en-us/122400	Release Notes Vendor Advisory
https://support.apple.com/en-us/122401	Release Notes Vendor Advisory
https://support.apple.com/en-us/122402	Release Notes Vendor Advisory
https://blog.noahhw.dev/posts/cve-2025-31200/	Exploit Broken Link
https://news.ycombinator.com/item?id=44161894	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

History

09 Jun 2025, 20:59

Type	Values Removed	Values Added
References	~~() https://blog.noahhw.dev/posts/cve-2025-31200/ - Exploit~~	() https://blog.noahhw.dev/posts/cve-2025-31200/ - Exploit, Broken Link

06 Jun 2025, 16:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 6.8

03 Jun 2025, 20:53

Type	Values Removed	Values Added
References	~~() https://blog.noahhw.dev/posts/cve-2025-31200/ -~~	() https://blog.noahhw.dev/posts/cve-2025-31200/ - Exploit
References	~~() https://news.ycombinator.com/item?id=44161894 -~~	() https://news.ycombinator.com/item?id=44161894 - Issue Tracking

02 Jun 2025, 20:15

Type	Values Removed	Values Added
Summary		(es) Se solucionó un problema de corrupción de memoria mejorando la comprobación de los límites. Este problema se solucionó en tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 y iPadOS 18.4.1, y macOS Sequoia 15.4.1. Procesar una secuencia de audio en un archivo multimedia manipulado con fines maliciosos puede provocar la ejecución de código. Apple tiene conocimiento de un informe que indica que este problema podría haber sido explotado en un ataque extremadamente sofisticado contra individuos específicos en iOS.
References		() https://blog.noahhw.dev/posts/cve-2025-31200/ - () https://news.ycombinator.com/item?id=44161894 -

18 Apr 2025, 13:50

Type	Values Removed	Values Added
CWE		CWE-787
First Time		Apple visionos Apple macos Apple iphone Os Apple tvos Apple Apple ipados
CPE		cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:visionos::::::::
References	~~() https://support.apple.com/en-us/122282 -~~	() https://support.apple.com/en-us/122282 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122400 -~~	() https://support.apple.com/en-us/122400 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122401 -~~	() https://support.apple.com/en-us/122401 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122402 -~~	() https://support.apple.com/en-us/122402 - Release Notes, Vendor Advisory

16 Apr 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-16 19:15

Updated : 2025-06-09 20:59

NVD link : CVE-2025-31200

Mitre link : CVE-2025-31200

CVE.ORG link : CVE-2025-31200

JSON object : View

Products Affected

apple

iphone_os
visionos
ipados
macos
tvos

CWE

CWE-787

Out-of-bounds Write

6.8 /10