Cyber Resilience

CVE-2025-24095

High

Published: 31 March 2025

Modified: 02 April 2026
KEV Added:
Patch:
CVSS Score v3.1: 7.6 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L)
EPSS Score: 0.0004 (11.9th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-24095 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Apple iPadOS. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 11.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24095 allows an app to bypass Privacy preferences because of insufficient entitlement checks, and is classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). It affects iOS versions prior to 18.4, iPadOS versions prior to 18.4, and visionOS versions prior to 2.4. The issue has a CVSS v3.1 base score of 7.6 (High), reflecting a network attack vector, low attack complexity, low privileges required, required user interaction, unchanged scope, high impact on confidentiality and integrity, and low impact on availability.

Exploitation requires an attacker with low privileges, such as a malicious app installed on the device, and user interaction, potentially during app installation or usage. A successful attack enables the app to circumvent Privacy preferences, resulting in high confidentiality and integrity impacts by accessing or modifying sensitive user data without authorization, alongside limited availability disruption.

Apple's security advisories confirm the issue was addressed through additional entitlement checks in iOS 18.4, iPadOS 18.4, and visionOS 2.4. Relevant details are available in Apple support documents at https://support.apple.com/en-us/122371 and https://support.apple.com/en-us/122378, with further disclosures on seclists.org at http://seclists.org/fulldisclosure/2025/Apr/12 and http://seclists.org/fulldisclosure/2025/Apr/4. Security practitioners should prioritize updating affected devices to mitigate this bypass risk.

Vulnerability details

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able to bypass Privacy preferences.

CWE(s)

CWE-288: Authentication Bypass Using an Alternate Path or Channel

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1005 · Data from Local System · Tactic: Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1565.001 · Stored Data Manipulation · Tactic: Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

Why these techniques?

The vulnerability allows a malicious app to bypass privacy preferences via insufficient entitlement checks, directly enabling unauthorized access to sensitive local user data (T1005) and modification of stored data (T1565.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-30433 · Same product: Apple iPadOS
CVE-2025-24221 · Same product: Apple iPadOS
CVE-2026-28964 · Same product: Apple iPadOS
CVE-2026-28876 · Same product: Apple iPadOS
CVE-2025-43428 · Same product: Apple iPadOS
CVE-2026-28965 · Same product: Apple iPadOS
CVE-2026-28855 · Same product: Apple iPadOS
CVE-2026-20677 · Same product: Apple iPadOS
CVE-2026-28906 · Same product: Apple iPadOS
CVE-2025-24257 · Same product: Apple iPadOS

Affected Assets

apple · ipados · ≤ 18.4
apple · iphone os · ≤ 18.4
apple · visionos · ≤ 2.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Enforces approved authorizations including entitlement checks to directly prevent apps from bypassing privacy preferences.

Prevent: Remediates the specific flaw in entitlement checks through timely flaw remediation and patching to updated iOS/iPadOS/visionOS versions.

Prevent: Applies least privilege to app entitlements, limiting the scope of potential bypasses to only necessary privileges.
