CVE-2025-31200CRITICAL 9.8CISA KEVEPSS p97.3%

CVE-2025-31200Apple Multiple Products Memory Corruption Vulnerability

Apple / Multiple Products

Description

Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS21.25% probability of exploitation · percentile 97.3% · 2026-06-18T12:00:27Z
Published2025-04-16
Last modified2026-04-03

CISA KEV entry

Added to KEV: 2025-04-17

Underlying weaknesses· 1

CWE-119

References

  1. https://support.apple.com/en-us/122282
  2. https://support.apple.com/en-us/122400
  3. https://support.apple.com/en-us/122401
  4. https://support.apple.com/en-us/122402
  5. https://support.apple.com/en-us/122722
  6. http://seclists.org/fulldisclosure/2025/Apr/26
  7. http://seclists.org/fulldisclosure/2025/Jun/14
  8. http://seclists.org/fulldisclosure/2025/May/10

1

TypeTargetConfidenceTier
WeaknessImproper Restriction of Operations within the Bounds of a Memory Buffercwe-1190%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryApple Multiple Products Memory Corruption Vulnerabilitykev-cve-2025-312000%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Apple Multiple Products Buffer Overflow Vulnerability
CVE
Apple iOS Memory Corruption Vulnerability
CVE
Apple Multiple Products Code Execution Vulnerability
CVE
Apple Multiple Products Classic Buffer Overflow Vulnerability
CVE
Apple Multiple Products WebKit Memory Corruption Vulnerability
CVE
Apple Multiple Products Memory Initialization Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.