CVE-2025-24091

Published Apr 30, 2025

Last updated 10 months ago

CVSS medium 5.5
Apple
iOS

Overview

Description
An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.
Source
product-security@apple.com
NVD status
Analyzed
Products
ipados, iphone_os

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.5
Impact score
3.6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-290

Social media

Hype score
Not currently trending

  1. Comment Your IMEI to won Free Unlock Or -50% :) The vulnerability was assigned CVE-2025-24091 and addressed in iOS/iPadOS 18.3. ⬇️ https://t.co/2jlfb4h91M

    @minacrissDev_

    25 Jun 2025

    383 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Comment Your IMEI to won Free Unlock Or -50% :) The vulnerability was assigned CVE-2025-24091 and addressed in iOS/iPadOS 18.3. ⬇️ https://t.co/aobGiQfDoX

    @minacrissDev_

    3 May 2025

    599 Impressions

    1 Retweet

    4 Likes

    1 Bookmark

    0 Replies

    1 Quote

  3. CVE-2025-24091 An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17… https://t.co/4JuyrVVkgD

    @CVEnew

    30 Apr 2025

    269 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. به تازگی آسیب پذیری جدیدی با کد شناسایی CVE-2025-24091 برای IOS منتشر شده است که می تواند فقط با یک خط کد باعث اکسپلویت شدن و Brick شدن این سیستم عامل شود. برای پیشگیری

    @AmirHossein_sec

    29 Apr 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Comment Your IMEI to won Free Unlock Or -50% :) The vulnerability was assigned CVE-2025-24091 and addressed in iOS/iPadOS 18.3. ⬇️ https://t.co/YPmtiUH0TB

    @minacrissDev_

    29 Apr 2025

    739 Impressions

    1 Retweet

    4 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  6. iPhone을 벽돌로 만들 수 있었던 1줄짜리 코드 이야기 - Darwin Notification 시스템의 특성과 취약점을 이용해 iPhone을 벽돌화할 수 있었던 사례 소개 - 이 취약점은 CVE-2025-24091로 등록되었으며, 제보자는 $17,500(2500만원)

    @GeekNewsHada

    29 Apr 2025

    1947 Impressions

    10 Retweets

    10 Likes

    6 Bookmarks

    1 Reply

    1 Quote

  7. 🚨NSOC Advisory🚨 Heads-up, iPhone users! A newly disclosed vulnerability (CVE-2025-24091) can brick your device with a single notification, unless you’re on iOS 18.3 or later. Update now, lock down app/widget installs via Mobile Device Manager. https://t.co/25r7oPjzcq

    @cirtgovjm

    28 Apr 2025

    258 Impressions

    4 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. Critical iOS flaw (CVE-2025-24091) allows apps to brick iPhones with one line of code. Update to iOS 18.3 now to stay protected! #iOSUpdate #CyberSecurity #AppleSecurity https://t.co/yzMFv4GL5B

    @dailytechonx

    28 Apr 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. A new iOS flaw (CVE-2025-24091) lets apps simulate a restore, making iPhones unresponsive until reset. It exploits the Darwin notification system’s lack of sender verification. Apple is aware, but no patch yet. #iOSVulnerability #CVE202524091 #AppleAlert #DarwinNotifications ht

    @CloneSystemsInc

    28 Apr 2025

    56 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨 New iOS Vulnerability Could Brick iPhones With Just One Line of Code — Update Now! A newly disclosed critical flaw in iOS (CVE-2025-24091) shows how a single line of code could send iPhones into an endless reboot loop, effectively bricking devices until a full system rest

    @efani

    28 Apr 2025

    303 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. iOSにおいて、たった1行のコードでiPhoneを恒久的に使用不能にする重大な脆弱性(CVE-2025-24091)が発見された。 この脆弱性は、Darwin通知システムを悪用し、無限リブートループを引き起こすものである。

    @yousukezan

    28 Apr 2025

    21159 Impressions

    141 Retweets

    258 Likes

    90 Bookmarks

    0 Replies

    4 Quotes

Configurations

Related CVEs

  1. The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.CVE-2023-43010
  2. Apple Multiple Buffer Overflow VulnerabilityCVE-2026-20700
  3. A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3. A shortcut may be able to bypass sandbox restrictions.CVE-2026-20677
  4. An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be able to access sensitive user data.CVE-2026-20678
  5. A logic issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker may be able to discover a user’s deleted notes.CVE-2026-20682

References

Sources include official advisories and independent security research.