CVE-2025-31200 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
apple	CNA	---				---
CISA-ADP	ADP	7.5 HIGH	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Vendor	Product	Version
apple	macos	𝑥 < 15.4.1
apple	tvos	𝑥 < 18.4.1
apple	visionos	𝑥 < 2.4.1
apple	ipados	𝑥 < 18.4.1
apple	iphone_os	𝑥 < 18.4.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

Vulnerability Media Exposure

[GERMAN] Gezielte Angriffe auf iPhones: Apple patcht Betriebssysteme außerhalb der Reihe
Die Updates sollen zwei Zero-Day-Lücken beseitigen, die offenbar für gezielte Angriffe genutzt wurden. Auch ein CarPlay-Problem geht Apple an.
Published: 2025-04-17T07:23:00+00:00
[ENGLISH] Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
Apple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-31200 (CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio
Published: 2025-04-17T09:03:00+05:30
[GERMAN] Apple iOS, iPadOS und macOS: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple iOS, Apple iPadOS und Apple macOS ausnutzen, um beliebigen Programmcode auszuführen und um Sicherheitsmechanismen zu umgehen.
Published: 2025-04-16T22:00:00+00:00
[ENGLISH] ⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
Can a harmless click really lead to a full-blown cyberattack? Surprisingly, yes — and that’s exactly what we saw in last week’s activity. Hackers are getting better at hiding inside everyday actions: opening a file, running a project, or logging in like normal. No loud alerts. No obvious red flags. Just quiet entry through small gaps — like a misconfigured pipeline, a trusted browser feature,
Published: 2025-04-21T15:40:00+05:30
[GERMAN] iPhone-Nutzer attackiert: Apple warnt vor aktiv ausgenutzten iOS-Lücken
Zwei Sicherheitslücken in iOS wurden für gezielte Angriffe ausgenutzt. Auch andere Apple-Systeme sind anfällig. Anwender sollten dringend patchen. (<a href="https://www.golem.de/specials/sicherheitsluecke/">Sicherheitslücke</a>, <a href="https://www.golem.de/specials/apple/">Apple</a>) <img alt="" height="1" src="https://cpx.golem.de/cpx.php?class=17&aid=195439&page=1&ts=1744871342" width="1" />
Published: 2025-04-17T08:29:11+02:00

References

https://support.apple.com/en-us/122282

https://support.apple.com/en-us/122400

https://support.apple.com/en-us/122401

https://support.apple.com/en-us/122402