Vulnerability detail

Enriched intelligence for a single CVE

6.1

CVSS
Medium

CVE-2025-24200

PUBLISHED

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS...

Exploited in the wild PoC available Low complexity No user interaction

Vendor: Apple
Product: iOS and iPadOS, iPadOS
Published: Feb 10, 2025
EPSS: —

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

ios cisa nessus_scanner

CVSS scores

CVSS v3.1 6.1 Medium

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitation status

Exploited in the wild

Recorded 2025-02-12 00:00:00 UTC · Source

Proof of concept available

Recorded 2025-02-11 15:05:25 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: partial

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Feb 12, 2025

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/233572	Jun 02, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

McTavishSue/CVE-2025-24200

github · Created 2025-02-11 15:05:25 UTC · 5 stars

CVE-2025-24200 - Incorrect Authorization

Timeline

CVE ID Reserved

January 17, 2025
CVE Published to Public

February 10, 2025
Proof of Concept Exploit Available

February 11, 2025
Added to KEVIntel

February 12, 2025
Detected by Nessus

June 02, 2025