6.1

CVE-2025-24200

Warning
Media report

An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Data is provided by the National Vulnerability Database (NVD)
AppleiPadOS Version < 17.7.5
AppleiPadOS Version >= 18.0 < 18.3.1
AppleiPhone OS Version < 18.3.1

12.02.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple iOS and iPadOS Incorrect Authorization Vulnerability

Vulnerability

Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.

Description

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 34.74% 0.969
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.1 0.9 5.2
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.1 0.9 5.2
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://support.apple.com/en-us/122173
Vendor Advisory
Release Notes
https://support.apple.com/en-us/122174
Vendor Advisory
Release Notes
http://seclists.org/fulldisclosure/2025/Feb/7
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2025/Feb/8
Third Party Advisory
Mailing List