Main Vulnerability Database Vulnerabilities #VU106909

#VU106909 Improper access control in Apple iOS and iPadOS - CVE-2025-24221

Published: April 3, 2025

Vulnerability identifier: #VU106909

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-24221

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apple iOS
iPadOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in Accounts. Sensitive keychain data may be accessible from an iOS backup.

Install updates from vendor's website.