CVE-2025-31201

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-31201
This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/122282 Release Notes Vendor Advisory
https://support.apple.com/en-us/122400 Release Notes Vendor Advisory
https://support.apple.com/en-us/122401 Release Notes Vendor Advisory
https://support.apple.com/en-us/122402 Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
History

06 Jun 2025, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.8 		v2 : unknown
v3 : 7.5
Summary
  • (es) Este problema se solucionó eliminando el código vulnerable. Este problema se ha corregido en tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 y iPadOS 18.4.1, y macOS Sequoia 15.4.1. Un atacante con capacidad de lectura y escritura arbitraria podría eludir la autenticación de puntero. Apple tiene conocimiento de un informe que indica que este problema podría haber sido explotado en un ataque extremadamente sofisticado contra individuos específicos en iOS.

18 Apr 2025, 13:47

Type Values Removed Values Added
CPE cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Apple visionos
Apple macos
Apple iphone Os
Apple tvos
Apple
Apple ipados
References () https://support.apple.com/en-us/122282 - () https://support.apple.com/en-us/122282 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122400 - () https://support.apple.com/en-us/122400 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122401 - () https://support.apple.com/en-us/122401 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122402 - () https://support.apple.com/en-us/122402 - Release Notes, Vendor Advisory

16 Apr 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-16 19:15

Updated : 2025-06-09 20:59

NVD link : CVE-2025-31201

Mitre link : CVE-2025-31201

CVE.ORG link : CVE-2025-31201

JSON object : View

Products Affected

apple

  • iphone_os
  • visionos
  • ipados
  • macos
  • tvos
CWE
NVD-CWE-noinfo