Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31201

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Published

2025-04-16T19:15:54.673

Last Modified

2025-11-25T13:42:26.020

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-1220

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	apple	macos	< 15.4.1	Yes
Operating System	apple	tvos	< 18.4.1	Yes
Operating System	apple	visionos	< 2.4.1	Yes
Operating System	apple	ipados	< 18.4.1	Yes
Operating System	apple	iphone_os	< 18.4.1	Yes

References

https://support.apple.com/en-us/122282 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/122400 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/122401 Release Notes, Vendor Advisory ([email protected])
https://support.apple.com/en-us/122402 Release Notes, Vendor Advisory ([email protected])
http://seclists.org/fulldisclosure/2025/Apr/26 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2025/Jun/14 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2025/Oct/0 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2025/Oct/3 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2025/Oct/4 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.md Exploit (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://github.com/cisagov/vulnrichment/issues/200 Issue Tracking (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31201 US Government Resource (134c704f-9b21-4f2e-91b3-4a467353bcc0)