Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31200

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Published

2025-04-16T19:15:54.540

Last Modified

2025-06-09T20:59:39.463

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	apple	macos	< 15.4.1	Yes
Operating System	apple	tvos	< 18.4.1	Yes
Operating System	apple	visionos	< 2.4.1	Yes
Operating System	apple	ipados	< 18.4.1	Yes
Operating System	apple	iphone_os	< 18.4.1	Yes

References

https://support.apple.com/en-us/122282 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/122400 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/122401 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/122402 Release Notes, Vendor Advisory ([email protected])
https://blog.noahhw.dev/posts/cve-2025-31200/ Exploit, Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://news.ycombinator.com/item?id=44161894 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)