PT-2025-16877 · Apple · iPadOS +5

Todsacerdoti · Published 2024-04-16 · Updated 2025-11-29 · CVE-2025-31200

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Apple Products

macOS versions prior to 15.4.1
tvOS versions prior to 18.4.1
visionOS versions prior to 2.4.1
iOS versions prior to 18.4.1
iPadOS versions prior to 18.4.1
watchOS versions prior to 11.5

Description

A memory corruption issue exists in the CoreAudio framework across Apple products. This issue is addressed by improved bounds checking. Processing a maliciously crafted media file containing an audio stream may lead to code execution. Apple is aware of reports indicating this issue was exploited in highly sophisticated attacks targeting specific individuals on iOS. The vulnerability involves an out-of-bounds write when decoding audio streams. The AudioConverterService is a component involved in the issue.

Recommendations

Update macOS to version 15.4.1 or later.
Update tvOS to version 18.4.1 or later.
Update visionOS to version 2.4.1 or later.
Update iOS to version 18.4.1 or later.
Update iPadOS to version 18.4.1 or later.
Update watchOS to version 11.5 or later.

Exploit · Fix · RCE · Buffer Overflow · Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-04742
BDU:2025-04973
CVE-2025-31200

Affected Products

Apple macOS
iOS
iPadOS
macOS Sequoia
tvOS
visionOS