7.5 CVE-2025-31201

CISA Kev Catalog
 

This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 18.4.1, visionOS 2.4.1, iOS iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.
https://nvd.nist.gov/vuln/detail/CVE-2025-31201

Categories

CWE-NVD-noinfo

References

134c704f-9b21-4f2e-91b3-4a467353bcc0

af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2025/Apr/26
Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Jun/14
Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Oct/0
Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Oct/3
Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Oct/4
Mailing List Third Party Advisory

product-security@apple.com

https://support.apple.com/en-us/122282
Release Notes Vendor Advisory
https://support.apple.com/en-us/122400
Release Notes Vendor Advisory
https://support.apple.com/en-us/122401
Release Notes Vendor Advisory
https://support.apple.com/en-us/122402
Release Notes Vendor Advisory


 

CPE

cpe start end
Configuration 1
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* < 15.4.1
Configuration 2
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* < 18.4.1
Configuration 3
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* < 2.4.1
Configuration 4
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* < 18.4.1
Configuration 5
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* < 18.4.1

REMEDIATION


EXPLOITS

Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id description severity
No entry