7.6
CVE-2025-24095
- EPSS 0.61%
- Veröffentlicht 31.03.2025 23:15:16
- Zuletzt bearbeitet 02.04.2026 19:18:58
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able to bypass Privacy preferences.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.61% | 0.45 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.6 | 2.1 | 5.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
|
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122378
http://seclists.org/fulldisclosure/2025/Apr/12
http://seclists.org/fulldisclosure/2025/Apr/4