CVE-2025-24095
Published: 31 March 2025
Summary
CVE-2025-24095 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Apple Ipados. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 7.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations including entitlement checks to directly prevent apps from bypassing privacy preferences.
Remediates the specific flaw in entitlement checks through timely flaw remediation and patching to updated iOS/iPadOS/visionOS versions.
Applies least privilege to app entitlements, limiting the scope of potential bypasses to only necessary privileges.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows a malicious app to bypass privacy preferences via insufficient entitlement checks, directly enabling unauthorized access to sensitive local user data (T1005) and modification of stored data (T1565.001).
NVD Description
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able to bypass Privacy preferences.
Deeper analysisAI
CVE-2025-24095 is a vulnerability that allows an app to bypass Privacy preferences due to insufficient entitlement checks, classified under CWE-288 (Authentication Bypass Using an Alternate Path or Channel). It affects iOS versions prior to 18.4, iPadOS versions prior to 18.4, and visionOS versions prior to 2.4. The issue has a CVSS v3.1 base score of 7.6 (High), reflecting network accessibility, low attack complexity, low privileges required, user interaction needed, unchanged scope, high impact on confidentiality and integrity, and low impact on availability.
Exploitation requires an attacker with low privileges, such as a malicious app installed on the device, and user interaction, potentially during app installation or usage. A successful attack enables the app to circumvent Privacy preferences, resulting in high confidentiality and integrity impacts by accessing or modifying sensitive user data without authorization, alongside limited availability disruption.
Apple's security advisories confirm the issue was addressed through additional entitlement checks in iOS 18.4, iPadOS 18.4, and visionOS 2.4. Relevant details are available in Apple support documents at https://support.apple.com/en-us/122371 and https://support.apple.com/en-us/122378, with further disclosures on seclists.org at http://seclists.org/fulldisclosure/2025/Apr/12 and http://seclists.org/fulldisclosure/2025/Apr/4. Security practitioners should prioritize updating affected devices to mitigate this bypass risk.
Details
- CWE(s)