CVE-2025-31200

CVSS v2.0

7.6

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

Apple Products Memory Corruption Issue macOS versions prior to 15.4.1 tvOS versions prior to 18.4.1 visionOS versions prior to 2.4.1 iOS versions prior to 18.4.1 iPadOS versions prior to 18.4.1 watchOS versions prior to 11.5

Description A memory corruption issue exists in the CoreAudio framework across multiple Apple operating systems. This flaw, triggered by processing a maliciously crafted audio stream within a media file, could allow an attacker to execute arbitrary code. Apple is aware of reports indicating this issue was exploited in highly sophisticated attacks targeting specific individuals on iOS. The issue was addressed by improving bounds checking.

Recommendations Update macOS to version 15.4.1 or later. Update tvOS to version 18.4.1 or later. Update visionOS to version 2.4.1 or later. Update iOS to version 18.4.1 or later. Update iPadOS to version 18.4.1 or later. Update watchOS to version 11.5 or later.

Exploit

Fix

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2025-04742

CVE-2025-31200

Affected Products

Apple Macos

Ios

Ipados

Macos Sequoia

Tvos

Visionos

CVE-2025-31200

Weakness Enumeration

Related Identifiers

Affected Products

References · 168