Main Vulnerability Database Vulnerabilities #VU103756

Security features bypass in Apple iOS and iPadOS - CVE-2025-24200

Published: February 10, 2025

Vulnerability identifier: #VU103756

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2025-24200

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Apple Inc.

Affected software:
Apple iOS
iPadOS

Detailed vulnerability description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to an authorization error. An attacker with physical access to device can disable USB Restricted Mode on a locked device and compromise the affected system.

Note, the vulnerability is being exploited in the wild in an extremely sophisticated attack against specific targeted individuals.

How to mitigate CVE-2025-24200

Install updates from vendor's website.

Sources

https://support.apple.com/en-us/122174

Security features bypass in Apple iOS and iPadOS - CVE-2025-24200

Detailed vulnerability description

How to mitigate CVE-2025-24200

Sources

Please verify you're human