CVE-2025-24200

An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.2

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122173	Release Notes Vendor Advisory
https://support.apple.com/en-us/122174	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Apr/7	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Feb/7	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2025/Feb/8	Mailing List Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24200	US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os::::::::

History

04 Nov 2025, 15:23

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2025/Apr/7 - Mailing List, Third Party Advisory

Information

Published : 2025-02-10 19:15

Updated : 2025-11-04 15:23

NVD link : CVE-2025-24200

Mitre link : CVE-2025-24200

CVE.ORG link : CVE-2025-24200

JSON object : View

Products Affected

apple

iphone_os
ipados

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2025-24200", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.9}]}, "published": "2025-02-10T19:15:40.107", "references": [{"url": "https://support.apple.com/en-us/122173", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/122174", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/7", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Feb/7", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Feb/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24200", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de autorizaci\u00f3n con una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en iPadOS 17.7.5, iOS 18.3.1 y iPadOS 18.3.1. Un ataque f\u00edsico puede desactivar el modo restringido de USB en un dispositivo bloqueado. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado en un ataque extremadamente sofisticado contra individuos espec\u00edficos. "}], "lastModified": "2025-11-04T15:23:42.597", "cisaActionDue": "2025-03-05", "cisaExploitAdd": "2025-02-12", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "307F4698-5786-4CA5-98A8-E3AAF1E7A09D", "versionEndExcluding": "15.8.4"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5E5F39B-44E2-4B72-8FC3-B5224F0E26F3", "versionEndExcluding": "17.7.5", "versionStartIncluding": "16.0"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A77F4D69-3C11-4074-A7E6-C85767F026EF", "versionEndExcluding": "18.3.1", "versionStartIncluding": "18.0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8A92F23-F3AF-4365-B405-70AFC1D9ECB3", "versionEndExcluding": "15.8.4"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81B77B4A-A57B-43BC-B404-E3E75F80A3A3", "versionEndExcluding": "18.3.1", "versionStartIncluding": "16.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Apple iOS and iPadOS Incorrect Authorization Vulnerability"}