Cyber Resilience

CVE-2025-31200

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 16 April 2025

Modified: 03 April 2026
KEV Added: 17 April 2025
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0170 (82.7th percentile)
Risk Priority: 41 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-31200 is a critical-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 17.3% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A memory corruption vulnerability addressed through improved bounds checking affects the processing of audio streams within media files on multiple Apple platforms. Impacted software includes iOS and iPadOS prior to 18.4.1, macOS Sequoia prior to 15.4.1, tvOS prior to 18.4.1, visionOS prior to 2.4.1, and watchOS prior to 11.5. The flaw is tracked as CWE-119 and carries a CVSS 3.1 score of 9.8, reflecting network-accessible exploitation without authentication or user interaction.

An attacker can supply a maliciously crafted media file containing a specially formed audio stream. Successful exploitation grants arbitrary code execution on the target device. Apple has stated that the issue was used in an extremely sophisticated, targeted attack against specific individuals on older iOS versions.

Apple security advisories for the listed updates confirm that installing iOS 18.4.1, iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, or watchOS 11.5 resolves the vulnerability. The referenced support documents detail the affected builds and direct users to apply the patches.

The EPSS score remains low, with a current value of 0.0170 and a peak of 0.0212, indicating limited broad exploitation interest following disclosure.

EU & UK References

Vulnerability details

A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.

CWE(s)
KEV Date Added: 17 April 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Affected versions
apple · macos · 15.0 — 15.4.1
apple · tvos · ≤ 18.4.1
apple · visionos · ≤ 2.4.1
apple · ipados · ≤ 18.4.1
apple · iphone os · ≤ 18.4.1
apple · watchos · ≤ 11.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly enforces input validation and bounds checking on untrusted audio streams in media files, preventing the memory corruption that enables code execution.

prevent: Requires timely application of vendor patches that add the improved bounds checking needed to close this exact flaw across affected Apple platforms.

prevent: Provides memory protection mechanisms that can limit the ability of a memory-corruption flaw in the media pipeline to achieve arbitrary code execution.

References