← Volver a CVEs
CVE-2025-31267
MEDIUM4.6
Descripcion
An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information.
Detalles CVE
Puntuacion CVSS v3.14.6
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataquePHYSICAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/10/2025
Ultima modificacion7/29/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
apple:app_store_connect
Debilidades (CWE)
CWE-287
Referencias
https://support.apple.com/en-us/123356(product-security@apple.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.