CVE-2025-24095

This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass Privacy preferences.

CVSS v3 7.6 HIGH

7.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.1 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122371	Vendor Advisory
https://support.apple.com/en-us/122378	Vendor Advisory
http://seclists.org/fulldisclosure/2025/Apr/12
http://seclists.org/fulldisclosure/2025/Apr/4

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:visionos::::::::

History

03 Nov 2025, 21:19

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2025/Apr/12 - () http://seclists.org/fulldisclosure/2025/Apr/4 -

Information

Published : 2025-03-31 23:15

Updated : 2025-11-03 21:19

NVD link : CVE-2025-24095

Mitre link : CVE-2025-24095

CVE.ORG link : CVE-2025-24095

JSON object : View

Products Affected

apple

visionos
iphone_os
ipados

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

{"id": "CVE-2025-24095", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.1}]}, "published": "2025-03-31T23:15:16.117", "references": [{"url": "https://support.apple.com/en-us/122371", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/122378", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/12", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-288"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4. An app may be able to bypass Privacy preferences."}, {"lang": "es", "value": "Este problema se solucion\u00f3 con comprobaciones de derechos adicionales. Este problema est\u00e1 corregido en visionOS 2.4, iOS 18.4 y iPadOS 18.4. Es posible que una aplicaci\u00f3n pueda omitir las preferencias de privacidad."}], "lastModified": "2025-11-03T21:19:16.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B3450F7-7B4A-46CE-A6E0-BBE6569F2EBF", "versionEndExcluding": "18.4"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990", "versionEndExcluding": "18.4"}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E82603D7-A630-4B9B-9C51-880667F05EC7", "versionEndExcluding": "2.4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}