CVE-2025-31201

CVE Database · CVE-2025-31201

CVE-2025-31201

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

12.36%

Published

Apr 16, 2025

Modified

Apr 3, 2026

CISA Known Exploited Vulnerability

Added: 2025-04-17 · Due: 2025-05-08

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-1220

Affected Products (5)

apple · macos (up to 15.4.1)vulnerable

apple · tvos (up to 18.4.1)vulnerable

apple · visionos (up to 2.4.1)vulnerable

apple · ipados (up to 18.4.1)vulnerable

apple · iphone_os (up to 18.4.1)vulnerable

References (12)

https://support.apple.com/en-us/122282