CVE-2025-31201

CRITICAL KEV

Apple Macos < 15.4.1 - Denial of Service

Title source: rule

Description

This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, visionOS 2.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Exploits (1)

github WRITEUP 183 stars
by JGoyd · poc
https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201

References (12)

Scores

CVSS v3 9.8
EPSS 0.0225
EPSS Percentile 84.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-04-17
VulnCheck KEV 2025-04-16
ENISA EUVD EUVD-2025-11381
CWE
CWE-1220
Status published
Products (9)
Apple/iOS and iPadOS < 18.4.1
apple/ipados < 18.4.1
apple/iphone_os < 18.4.1
apple/macos < 15.4.1
Apple/macOS < 15.4.1
apple/tvos < 18.4.1
Apple/tvOS < 18.4.1
apple/visionos < 2.4.1
Apple/visionOS < 2.4.1
Published Apr 16, 2025
KEV Added Apr 17, 2025
Tracked Since Feb 18, 2026