CVE-2025-24200
| CVE Published | 2025-02-10 |
|---|---|
| Related CWE(s) | CWE-863: Incorrect Authorization |
| Related Vendor(s) | apple |
| Related Product(s) | iphone_os, ipados |
| Exploitation Reported (CISA KEV) | 2025-02-12 |
| CVSS 3 Base Score | 6.1 (MEDIUM) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | PHYSICAL |
An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph