CVE-2025-31200 vulnerability in Apple Products
Published on April 16, 2025
Known Exploited Vulnerability
This Apple Multiple Products Memory Corruption Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.
The following remediation steps are recommended / required by May 8, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
What is a Memory Corruption Vulnerability?
The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
CVE-2025-31200 has been classified to as a Memory Corruption vulnerability or weakness.
Products Associated with CVE-2025-31200
You can be notified by stack.watch whenever vulnerabilities like CVE-2025-31200 are published in these products:
What versions are vulnerable to CVE-2025-31200?
-
Apple macOS
Fixed in Version 15.4.1
-
Apple tvOS
Fixed in Version 18.4.1
-
Apple visionOS
Fixed in Version 2.4.1
-
Apple iPadOS
Fixed in Version 18.4.1
-
Apple Iphone Os
Fixed in Version 18.4.1