CVE-2025-31229

Critical

Published: 30 July 2025

Published

30 July 2025

Modified

03 November 2025

KEV Added

—

Patch

—

CVSS Score 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Score 0.0012 30.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-31229 is a critical-severity Weak Encoding for Password (CWE-261) vulnerability in Apple Ipados. Its CVSS base score is 9.1 (Critical).

Operationally, ranked at the 30.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-6 (Authentication Feedback) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-6 Authentication Feedback good match

prevent

IA-6 requires obscuring feedback of authentication information like passcodes to prevent exploitation, directly mitigating the VoiceOver disclosure of the passcode.

SI-2 Flaw Remediation good match

prevent

SI-2 mandates timely identification and remediation of system flaws, addressing the logic issue in VoiceOver fixed by Apple's improved checks in iOS/iPadOS 18.6.

SI-15 Information Output Filtering good match

prevent

SI-15 filters sensitive information prior to output, preventing passcode disclosure through audio mechanisms like VoiceOver.

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.

Confidence: LOW · MITRE ATT&CK Enterprise v18.1

NVD Description

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.

Deeper analysisAI

CVE-2025-31229 is a logic issue addressed with improved checks in the VoiceOver accessibility feature on iOS and iPadOS prior to version 18.6. The vulnerability enables the passcode to be read aloud by VoiceOver. It carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) and is associated with CWE-261 (Weak Encoding for Password).

Remote attackers can exploit this vulnerability over the network with low attack complexity, requiring no privileges, authentication, or user interaction. Exploitation results in high confidentiality and availability impacts, allowing the attacker to cause the device to audibly disclose the passcode via VoiceOver.

Apple's advisory confirms the issue is fixed in iOS 18.6 and iPadOS 18.6 through improved checks. Additional details are provided in the support article at https://support.apple.com/en-us/124147 and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Jul/30.

Details

CWE(s): CWE-261

Affected Products

apple

ipados

≤ 18.6

apple

iphone os

≤ 18.6

CVEs Like This One

CVE-2024-44238Same product: Apple Ipados

CVE-2024-44276Same product: Apple Ipados

CVE-2024-44136Same product: Apple Ipados

CVE-2026-28858Same product: Apple Ipados

CVE-2025-24200Same product: Apple Ipados

CVE-2026-28874Same product: Apple Ipados

CVE-2026-28875Same product: Apple Ipados

CVE-2026-28894Same product: Apple Ipados

CVE-2025-43300Same product: Apple Ipados

CVE-2026-20606Same product: Apple Ipados

References

https://support.apple.com/en-us/124147
Release Notes, Vendor Advisory · product-security@apple.com
http://seclists.org/fulldisclosure/2025/Jul/30
af854a3a-2127-422b-91ae-364da2661108