CVE-2025-31200

ENISA EUVD: EUVD-2025-11380 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 3, 2026 7 articles Published: 2025-04-16
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
1.77%
probability
This CVE has a 1.77% probability of being exploited in the next 30 days.
0% Top 82.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
9.8
CRITICAL
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)
A memory corruption issue was addressed with improved bounds checking. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1, watchOS 11.5. Processing an audio stream in a maliciously crafted media file may result in code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS released before iOS 18.4.1.

Affected Products

Apple
iOS and iPadOS
0
Apple
macOS
0
Apple
tvOS
0
Apple
visionOS
0
Apple
watchOS
0

Attack Intelligence

Google Project Zero

Patched
April 16, 2025
Reported by
Apple and Google Threat Analysis Group

Exploits & PoC

JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201

CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitat

198 2026-05-05
zhuowei/apple-positional-audio-codec-invalid-header

CVE-2025-31200 - @Noahhw46 figured it out

118 2025-06-02
hunters-sec/CVE-2025-31200

IOS audio buffer overflow CVE-2025-31200 POC

11 2025-08-28
serundengsapi/CVE-2025-31200-iOS-AudioConverter-RCE

Public disclosure of CVE-2025-31200 – Zero-click RCE in iOS 18.X via AudioConverterService and malicious audio file.

2 2025-05-19
4 repos — triés par ⭐ Rechercher sur GitHub ↗

Signal Intelligence

Confidence
95%
EPSS 1.77%
CVSS v3.1 9.8
Mentions 7
Last Seen Dec 13, 2025

CNA Information

CNA Assigner
apple

Analyst Note

CVE-2025-31200 is confirmed as a critical zero-day (CVSS 9.8) exploited in sophisticated targeted attacks against specific users, with reports from Google Project Zero and multiple reputable security sources including BleepingComputer. Apple has issued patches across multiple platforms (visionOS, tvOS, iOS, iPadOS, macOS), demonstrating the vulnerability's severity and real-world exploitation.

Threat Actors 7

Hacking Team
apt_group 🇮🇹 IT
Tick
apt_group Information theft and espionage 🇨🇳 CN
Infy
apt_group Information theft and espionage 🇮🇷 IR
Operation Red Signature
apt_group Information theft and espionage 🇨🇳 CN
Mana Team
apt_group 🇨🇳 CN
Operation Triangulation
apt_group Information theft and espionage 🇷🇺 RU
Lurk
apt_group Financial crime 🇷🇺 RU

Triage Info

Decided atMar 03, 2026
Published DateApr 16, 2025