← back
CVE-2025-31200

CVE-2025-31200

CVSS 9.8 CRITICALEPSS 21.3%● KEVCWE-119
In short

A flaw in how Apple devices process audio in media files allows attackers to run malicious code by crafting a specially designed file. This is critical because it can be exploited remotely without user interaction beyond opening the file.

Technical detail

A buffer overflow vulnerability (CWE-119) in audio stream processing allows arbitrary code execution when a maliciously crafted media file is processed. The attack requires no user interaction beyond file processing, and Apple confirms active exploitation against targeted iOS users on unpatched versions.

Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOSApple · macOSApple · tvOSApple · visionOSApple · watchOS
public PoCs found4
githubgithub.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201200githubgithub.com/zhuowei/apple-positional-audio-codec-invalid-header118githubgithub.com/hunters-sec/CVE-2025-3120011githubgithub.com/serundengsapi/CVE-2025-31200-iOS-AudioConverter-RCE2
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.noahhw.dev/posts/cve-2025-31200/http://seclists.org/fulldisclosure/2025/Apr/26http://seclists.org/fulldisclosure/2025/Jun/14http://seclists.org/fulldisclosure/2025/May/10http://seclists.org/fulldisclosure/2025/Oct/0http://seclists.org/fulldisclosure/2025/Oct/4https://github.com/cisagov/vulnrichment/issues/200https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201/blob/main/Remote%20Crypto%20Attack%20Chain%20.mdhttps://news.ycombinator.com/item?id=44161894https://support.apple.com/en-us/122282https://support.apple.com/en-us/122400https://support.apple.com/en-us/122401