CVE-2025-31192Authentication Bypass by Primary Weakness in Apple IOS AND Ipados

CWE-305Authentication Bypass by Primary Weakness6 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.2%
top 52.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple IOS AND IpadosApple MacosApple Safari+2 more
Timeline
PublishedMar 31
Latest updateApr 1

Description

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:LExploitability: 1.2 | Impact: 5.5

Affected Packages7 packages

CVEListV5apple/macos< 15.4
NVDapple/macos15.015.4
CVEListV5apple/safari< 18.4
NVDapple/ipados< 18.4
NVDapple/safari< 18.4

🔴Vulnerability Details

2
GHSA
GHSA-777h-hpfj-x7hv: The issue was addressed with improved checks2025-04-01
CVEList
CVE-2025-31192: The issue was addressed with improved checks2025-03-31

📋Vendor Advisories

3
Apple
CVE-2025-31192: iOS 18.4 and iPadOS 18.42025-03-31
Apple
CVE-2025-31192: Safari 18.42025-03-31
Apple
CVE-2025-31192: macOS Sequoia 15.42025-03-31
CVE-2025-31192 — Apple IOS AND Ipados vulnerability | cvebase