CVE-2025-31225

Published May 12, 2025

Last updated 2 months ago

CVSS high 7.1

Overview

Description: A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.1
Impact score: 4.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-200

Hype score: Not currently trending

🟠 #iOS, Privacy Vulnerability, #CVE-2025-31225 (Medium) https://t.co/rdV8SDQK7R
@dailycve
28 May 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D0459303-7D14-428D-9C4E-2C743AC9529F",
            "versionEndExcluding": "18.5"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF6AAC00-F384-4B0D-BBA9-C2AD278BF653",
            "versionEndExcluding": "18.5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References