CVE-2025-31200

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-31200
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/122282 Release Notes Vendor Advisory
https://support.apple.com/en-us/122400 Release Notes Vendor Advisory
https://support.apple.com/en-us/122401 Release Notes Vendor Advisory
https://support.apple.com/en-us/122402 Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Apr/26 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Jun/14 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/May/10 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Oct/0 Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Oct/4 Mailing List Third Party Advisory
https://blog.noahhw.dev/posts/cve-2025-31200/ Broken Link Exploit
https://news.ycombinator.com/item?id=44161894 Issue Tracking
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200 US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
History

04 Nov 2025, 16:21

Type Values Removed Values Added
First Time Apple watchos
CPE cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
References () http://seclists.org/fulldisclosure/2025/Apr/26 - () http://seclists.org/fulldisclosure/2025/Apr/26 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2025/Jun/14 - () http://seclists.org/fulldisclosure/2025/Jun/14 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2025/May/10 - () http://seclists.org/fulldisclosure/2025/May/10 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2025/Oct/0 - () http://seclists.org/fulldisclosure/2025/Oct/0 - Mailing List, Third Party Advisory
References () http://seclists.org/fulldisclosure/2025/Oct/4 - () http://seclists.org/fulldisclosure/2025/Oct/4 - Mailing List, Third Party Advisory

03 Nov 2025, 20:18

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2025/Apr/26 -
  • () http://seclists.org/fulldisclosure/2025/Jun/14 -
  • () http://seclists.org/fulldisclosure/2025/May/10 -

03 Nov 2025, 19:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2025/Oct/0 -

03 Nov 2025, 18:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2025/Oct/4 -

29 Oct 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.8 		v2 : unknown
v3 : 7.1

23 Oct 2025, 18:53

Type Values Removed Values Added
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200 - US Government Resource

21 Oct 2025, 23:16

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200 -

21 Oct 2025, 20:20

Type Values Removed Values Added
References
  • {'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}

21 Oct 2025, 19:21

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31200 -
References () https://blog.noahhw.dev/posts/cve-2025-31200/ - Exploit, Broken Link () https://blog.noahhw.dev/posts/cve-2025-31200/ - Broken Link, Exploit

09 Jun 2025, 20:59

Type Values Removed Values Added
References () https://blog.noahhw.dev/posts/cve-2025-31200/ - Exploit () https://blog.noahhw.dev/posts/cve-2025-31200/ - Exploit, Broken Link

06 Jun 2025, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5 		v2 : unknown
v3 : 6.8

03 Jun 2025, 20:53

Type Values Removed Values Added
References () https://blog.noahhw.dev/posts/cve-2025-31200/ - () https://blog.noahhw.dev/posts/cve-2025-31200/ - Exploit
References () https://news.ycombinator.com/item?id=44161894 - () https://news.ycombinator.com/item?id=44161894 - Issue Tracking

02 Jun 2025, 20:15

Type Values Removed Values Added
References
  • () https://blog.noahhw.dev/posts/cve-2025-31200/ -
  • () https://news.ycombinator.com/item?id=44161894 -
Summary
  • (es) Se solucionó un problema de corrupción de memoria mejorando la comprobación de los límites. Este problema se solucionó en tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1 y iPadOS 18.4.1, y macOS Sequoia 15.4.1. Procesar una secuencia de audio en un archivo multimedia manipulado con fines maliciosos puede provocar la ejecución de código. Apple tiene conocimiento de un informe que indica que este problema podría haber sido explotado en un ataque extremadamente sofisticado contra individuos específicos en iOS.

18 Apr 2025, 13:50

Type Values Removed Values Added
CWE CWE-787
First Time Apple iphone Os
Apple visionos
Apple macos
Apple tvos
Apple ipados
Apple
CPE cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
References () https://support.apple.com/en-us/122282 - () https://support.apple.com/en-us/122282 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122400 - () https://support.apple.com/en-us/122400 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122401 - () https://support.apple.com/en-us/122401 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122402 - () https://support.apple.com/en-us/122402 - Release Notes, Vendor Advisory

16 Apr 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-04-16 19:15

Updated : 2025-11-04 16:21

NVD link : CVE-2025-31200

Mitre link : CVE-2025-31200

CVE.ORG link : CVE-2025-31200

JSON object : View

Products Affected

apple

  • tvos
  • ipados
  • macos
  • watchos
  • iphone_os
  • visionos
CWE
CWE-787

Out-of-bounds Write