CVE-2025-24221

Published Mar 31, 2025

Last updated 24 days ago

CVSS high 7.5

Overview

Description: This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain data may be accessible from an iOS backup.
Source: product-security@apple.com
NVD status: Modified
Products: ipados, iphone_os, visionos

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-863

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "687E67E4-136D-4154-BA6F-5ACA16254023",
            "versionEndExcluding": "17.7.6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "BAAF5169-C6A9-449A-B41F-2CB1801EBA4B",
            "versionEndExcluding": "18.4",
            "versionStartIncluding": "18.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990",
            "versionEndExcluding": "18.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E82603D7-A630-4B9B-9C51-880667F05EC7",
            "versionEndExcluding": "2.4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References