← Back

CVE-2025-24200

nvd nist
Published: Feb 10, 2025Modified: Apr 3, 2026CISA KEV

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 0.9 / Impact: 5.2
Source: NVD

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Affected (7)

Products: Apple: Ipados, Iphone Os
Apple
2 products
Ipados
Iphone Os
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Apple
Ipados
Before 15.8.4
Ipados
From 16.0 to 16.7.11
Ipados
From 17.0 to 17.7.5
Ipados
From 18.0 to 18.3.1
Apple
Iphone Os
Before 15.8.4
Iphone Os
From 16.0 to 16.7.11
Iphone Os
From 17.0 to 18.3.1

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (8)

Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: product-security@apple.com
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.