CVE-2025-24095 — Authentication Bypass Using an Alternate Path or Channel in Apple IOS AND Ipados

CWE-288 — Authentication Bypass Using an Alternate Path or Channel5 documents4 sources

Severity

7.6HIGHNVD

EPSS

0.2%

top 58.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Visionos Apple Ipados +1 more

Timeline

PublishedMar 31

Latest updateApr 1

Description

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able to bypass Privacy preferences.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:LExploitability: 2.1 | Impact: 5.5

Affected Packages5 packages

▶NVDapple/ipados< 18.4

▶CVEListV5apple/visionos< 2.4

▶NVDapple/visionos< 2.4

▶CVEListV5apple/ios_and_ipados< 18.4

▶NVDapple/iphone_os< 18.4

🔴Vulnerability Details

GHSA

GHSA-2h82-w6j2-mfx6: This issue was addressed with additional entitlement checks↗2025-04-01

▶

CVEList

CVE-2025-24095: This issue was addressed with additional entitlement checks↗2025-03-31

▶

📋Vendor Advisories

Apple

CVE-2025-24095: visionOS 2.4↗2025-03-31

▶

Apple

CVE-2025-24095: iOS 18.4 and iPadOS 18.4↗2025-03-31

▶