PT-2025-16877 · Apple · Visionos +5

Todsacerdoti

Published

2024-04-16

Updated

2025-07-27

CVE-2025-31200

Report an issue

CVSS v2.0

7.6

Vector

AV:N/AC:H/Au:N/C:C/I:C/A:C

**Name of the Vulnerable Software and Affected Versions:**

Apple macOS Sequoia

Apple tvOS versions 18.4.1 and earlier

Apple visionOS versions 2.4.1 and earlier

Apple iOS versions 18.4.1 and earlier

Apple iPadOS versions 18.4.1 and earlier

Apple watchOS versions prior to 11.5

**Description:**

A memory corruption issue exists in the CoreAudio framework, addressed through improved bounds checking. Processing a maliciously crafted audio stream within a media file may lead to code execution. Apple is aware of reports indicating exploitation of this issue in highly sophisticated attacks targeting specific individuals on iOS.

**Recommendations:**

Apple macOS Sequoia versions prior to 15.4.1

Apple tvOS versions prior to 18.4.1

Apple visionOS versions prior to 2.4.1

Apple iOS versions prior to 18.4.1

Apple iPadOS versions prior to 18.4.1

Apple watchOS versions prior to 11.5

Exploit

Fix

RCE

Memory Corruption

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2025-04742

CVE-2025-31200

Affected Products

Apple Macos

Ios

Ipados

Macos Sequoia

Tvos

Visionos

PT-2025-16877 · Apple · Visionos +5

Weakness Enumeration

Related Identifiers

Affected Products

References · 157