#VU103756 Security features bypass in Apple iOS and iPadOS - CVE-2025-24200

 


Published: February 10, 2025


Vulnerability identifier: #VU103756
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2025-24200
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software:
Apple iOS
iPadOS
Software vendor:
Apple Inc.

Description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to an authorization error. An attacker with physical access to the device can disable USB Restricted Mode on a locked device and compromise the affected system.

Note: the vulnerability is being exploited in the wild in an extremely sophisticated attack against specific targeted individuals.


Remediation

Install updates from the vendor's website.

External links