cbcvebase.
CVE-2025-24200
published 2025-02-10

CVE-2025-24200: An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS…

medium6.1CVSS 3.1
AVPACLPRNUINSUCHIHAN
KEV
CISA Known Exploited Vulnerabilitydue 2025-03-05
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Affected

15 ranges
VendorProductVersion rangeFixed in
appleios_15.8.4_and_ipados
appleios_16.7.11_and_ipados
appleios_18.3.1_and_ipados
appleios_and_ipados< 15.8.415.8.4
appleios_and_ipados< 16.7.1116.7.11
appleios_and_ipados< 18.3.118.3.1
appleipados< 17.7.517.7.5
appleipados< 15.8.415.8.4
appleipados
appleipados>= 16.0 < 16.7.1116.7.11
appleipados17.0 – 17.7.5
appleipados>= 18.0 < 18.3.118.3.1
appleiphone_os< 15.8.415.8.4
appleiphone_os>= 16.0 < 16.7.1116.7.11
appleiphone_os>= 17.0 < 18.3.118.3.1

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
vulncheck6.1MEDIUM
cisa6.1MEDIUM