A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.
Conclusion & alert: CVE-2025-31200 is rated Critical Active Threat (97.9/100): CVSS Critical severity, with high exploitation likelihood (EPSS 21.25%, 97th percentile). Core evidence: CISA KEV confirms active exploitation (added 2025-04-17) affecting Apple / Multiple Products. a weakness (CWE-119) Unauthenticated remote administrative access may be possible. Mandatory action: The CISA remediation deadline has passed—treat as an emergency patch priority.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
: Apple Multiple Products Memory Corruption Vulnerability · CISA KEV detail
: 2025-04-17
: 2025-05-08
: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| — | nvd_ref | exploit_tag | Exploit-DB ↗ | |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-16 | 21.59% | 21.25% | -0.33% |
| 2 | 2026-06-15 | 1.66% | 21.59% | +19.93% |
| 3 | 2026-05-25 | — | 1.66% | — |
Full EPSS history (24 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.8 | 3.1 | CRITICAL |
|
3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| apple | macos | >= 15.0, < 15.4.1 | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| apple | tvos | < 18.4.1 | cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
| apple | visionos | < 2.4.1 | cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* |
| apple | ipados | < 18.4.1 | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
| apple | iphone_os | < 18.4.1 | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| apple | watchos | < 11.5 | cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |