CVE-2025-31201

National Vulnerability Database Information

Descrizione: This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.

Base Score CVSS: 7.5 (v3.1)

Il **Base Score CVSS** è un punteggio da **0 a 10** che rappresenta la gravità intrinseca di una vulnerabilità. Un punteggio più alto indica una gravità maggiore.

Riferimenti NVD

• https://support.apple.com/en-us/122282
• https://support.apple.com/en-us/122400
• https://support.apple.com/en-us/122401
• https://support.apple.com/en-us/122402
• http://seclists.org/fulldisclosure/2025/Apr/26
• http://seclists.org/fulldisclosure/2025/Jun/14
• http://seclists.org/fulldisclosure/2025/Oct/0
• http://seclists.org/fulldisclosure/2025/Oct/3
• http://seclists.org/fulldisclosure/2025/Oct/4
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-31201

Exploit PoC da GitHub

• JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201: CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025).