Known Exploited Vulnerabilities CVE-2025-31201

Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability exploitation_technique T1203 Exploitation for Client Execution
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability secondary_impact T1562 Impair Defenses
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability secondary_impact T1106 Native API
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability secondary_impact T1059 Command and Scripting Interpreter
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability secondary_impact T1001 Data Obfuscation
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References
CVE-2025-31201 Apple Multiple Products Arbitrary Read and Write Vulnerability secondary_impact T1557 Adversary-in-the-Middle
Comments
A strategic zero-click iMessage exploit chain (CVE-2025-31200 / 31201) has been reported as compromising targeted devices with Paragon's Graphite spyware. Observed impacts include Secure Enclave key exfiltration, silent wallet theft, C2 infrastructure, and persistent C2 communication.
References