PT-2025-16877 · Apple · macOS Sequoia +5

Todsacerdoti · Published 2024-04-16 · Updated 2026-02-01 · CVE-2025-31200

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apple macOS versions prior to 15.4.1
Apple tvOS versions prior to 18.4.1
Apple visionOS versions prior to 2.4.1
Apple iOS versions prior to 18.4.1
Apple iPadOS versions prior to 18.4.1
Apple watchOS versions prior to 11.5

Description

A memory corruption issue exists in the CoreAudio framework, potentially allowing remote code execution when processing maliciously crafted audio streams within media files. Apple is aware of reports indicating this issue may have been exploited in sophisticated attacks targeting specific individuals on iOS. The vulnerability stems from insufficient bounds checking. The AudioConverterService is implicated in the exploitation process.

Recommendations

Update macOS to version 15.4.1 or later.
Update tvOS to version 18.4.1 or later.
Update visionOS to version 2.4.1 or later.
Update iOS to version 18.4.1 or later.
Update iPadOS to version 18.4.1 or later.
Update watchOS to version 11.5 or later.

Exploit · Fix · RCE · Buffer Overflow · Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-04742
BDU:2025-04973
CVE-2025-31200

Affected Products

Apple macOS
iOS
iPadOS
macOS Sequoia
tvOS
visionOS