Main Vulnerability Database Vulnerabilities #VU108992

#VU108992 Missing Authorization in Apple iOS and iPadOS - CVE-2025-31228

Published: May 13, 2025

Vulnerability identifier: #VU108992

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-31228

CWE-ID: CWE-862

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Apple iOS
iPadOS

Software vendor:
Apple Inc.

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to missing authorization in Notes. An attacker with physical access to device can access notes from the lock screen.

Install updates from vendor's website.