← Back to CVEs

CVE-2025-24200

MEDIUMCISA KEV

6.1

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

CVE Details

CVSS v3.1 Score6.1

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack VectorPHYSICAL

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published2/10/2025

Last Modified4/3/2026

Sourcekev

Honeypot Sightings0

CISA KEV

VendorApple

ProductiOS and iPadOS

Vulnerability NameApple iOS and iPadOS Incorrect Authorization Vulnerability

KEV Date Added2025-02-12

Remediation Due Date2025-03-05

Ransomware UseUnknown

Affected Products

apple:ipadosapple:iphone_os

Weaknesses (CWE)

CWE-863

References

https://support.apple.com/en-us/122173(product-security@apple.com)

https://support.apple.com/en-us/122174(product-security@apple.com)

https://support.apple.com/en-us/122345(product-security@apple.com)

https://support.apple.com/en-us/122346(product-security@apple.com)

http://seclists.org/fulldisclosure/2025/Apr/7(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2025/Feb/7(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2025/Feb/8(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24200(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.