CVE-2025-31200 | Armis Vulnerability Intelligence Database

Description Preview

CVE-2025-31200 is a vulnerability that affects multiple Apple products, including visionOS, iOS, iPadOS, tvOS, and macOS. The vulnerability arises from a memory corruption issue that can be triggered by processing an audio stream contained within a maliciously crafted media file. This flaw may lead to code execution, potentially allowing an attacker to gain control over the affected device. Apple has acknowledged that this vulnerability may have been exploited in sophisticated attacks targeting specific individuals on iOS. The issue has been addressed in subsequent updates to the affected products.

Overview

CVE ID: CVE-2025-31200
Vendor: Apple
Affected Products:
- visionOS (versions less than 2.4)
- iOS and iPadOS (versions less than 18.4)
- tvOS (versions less than 18.4)
- macOS (versions less than 15.4)
Severity: High (CVSS 3.1 Base Score: 7.5)
Attack Vector: Network
User Interaction: Required
Impact: High (confidentiality, integrity, and availability)

Remediation

Apple has released updates to mitigate the vulnerability. Users are advised to update their devices to the following versions:

tvOS: 18.4.1
visionOS: 2.4.1
iOS: 18.4.1
iPadOS: 18.4.1
macOS: Sequoia 15.4.1

It is crucial for users to apply these updates promptly to protect against potential exploitation.

References

Early Warning

Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.

Armis Alert Date: Apr 16, 2025
CISA KEV Date: Apr 17, 2025

1day early

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

Public Administration: High
Public Administration
Manufacturing: Medium
Manufacturing
Health Care & Social Assistance: Medium
Health Care & Social Assistance
Educational Services: Medium
Educational Services
Finance and Insurance: Medium
Finance and Insurance
Retail Trade: Medium
Retail Trade
Transportation & Warehousing: Medium
Transportation & Warehousing
Professional, Scientific, & Technical Services: Medium
Professional, Scientific, & Technical Services
Utilities: Medium
Utilities
Other Services (except Public Administration): Medium
Other Services (except Public Administration)
Arts, Entertainment & Recreation: Medium
Arts, Entertainment & Recreation
Information: Low
Information
Management of Companies & Enterprises: Low
Management of Companies & Enterprises
Accommodation & Food Services: Low
Accommodation & Food Services
Agriculture, Forestry Fishing & Hunting: Low
Agriculture, Forestry Fishing & Hunting
Real Estate Rental & Leasing: Low
Real Estate Rental & Leasing
Mining: Low
Mining
Construction: Low
Construction
Administrative, Support, Waste Management & Remediation Services: Low
Administrative, Support, Waste Management & Remediation Services
Wholesale Trade: Low
Wholesale Trade

^{CVE-2025-31200:}A memory corruption issue in Apple products allows for code execution when processing a maliciously crafted audio stream.