Back to KEVs

CVE-2025-24200

An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 17, 2025
Published Date: February 10, 2025
Last Updated: March 20, 2025
Vendor: Apple
Product: iPadOS, iOS and iPadOS
Description: An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

CVSS Scores

CVSS v3.1

6.1 - MEDIUM

Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC Information

Exploitation: active
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2025-02-12 00:00:00 UTC) Source
Proof of Concept Available: Yes (added 2025-02-11 15:05:25 UTC) Source

References

https://support.apple.com/en-us/122173 https://support.apple.com/en-us/122174

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-02-12 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

McTavishSue/CVE-2025-24200

Type: github • Created: 2025-02-11 15:05:25 UTC • Stars: 5

CVE-2025-24200 - Incorrect Authorization