CVE-2025-31200

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-31200
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

6.8 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/122282 Release Notes Vendor Advisory
https://support.apple.com/en-us/122400 Release Notes Vendor Advisory
https://support.apple.com/en-us/122401 Release Notes Vendor Advisory
https://support.apple.com/en-us/122402 Release Notes Vendor Advisory
https://blog.noahhw.dev/posts/cve-2025-31200/ Broken Link Exploit
https://news.ycombinator.com/item?id=44161894 Issue Tracking
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200 US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
History

23 Oct 2025, 18:53

Type Values Removed Values Added
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200 - US Government Resource

21 Oct 2025, 23:16

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200 -

21 Oct 2025, 20:20

Type Values Removed Values Added
References
  • {'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}

21 Oct 2025, 19:21

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200 -
References () https://blog.noahhw.dev/posts/cve-2025-31200/ - Exploit, Broken Link () https://blog.noahhw.dev/posts/cve-2025-31200/ - Broken Link, Exploit

09 Jun 2025, 20:59

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 6.8
References
  • () https://blog.noahhw.dev/posts/cve-2025-31200/ - Exploit, Broken Link
  • () https://news.ycombinator.com/item?id=44161894 - Issue Tracking
Summary
  • (es) Se solucionó un problema de corrupción de memoria mejorando la comprobación de los límites. Este problema se solucionó en tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 y iPadOS 18.4.1, y macOS Sequoia 15.4.1. Procesar una secuencia de audio en un archivo multimedia manipulado con fines maliciosos puede provocar la ejecución de código. Apple tiene conocimiento de un informe que indica que este problema podría haber sido explotado en un ataque extremadamente sofisticado contra individuos específicos en iOS.

18 Apr 2025, 13:50

Type Values Removed Values Added
References () https://support.apple.com/en-us/122282 - () https://support.apple.com/en-us/122282 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122400 - () https://support.apple.com/en-us/122400 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122401 - () https://support.apple.com/en-us/122401 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122402 - () https://support.apple.com/en-us/122402 - Release Notes, Vendor Advisory
CWE CWE-787
First Time Apple iphone Os
Apple
Apple tvos
Apple visionos
Apple ipados
Apple macos
CPE cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

16 Apr 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-16 19:15

Updated : 2025-10-23 18:53

NVD link : CVE-2025-31200

Mitre link : CVE-2025-31200

CVE.ORG link : CVE-2025-31200

JSON object : View

Products Affected

apple

  • visionos
  • iphone_os
  • macos
  • ipados
  • tvos
CWE
CWE-787

Out-of-bounds Write