CVE-2025-24200

high-risk

Published 2025-02-10

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Do I need to act?

47.3% chance of exploitation in next 30 days

EPSS score — higher than 53% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

PHYSICAL / LOW complexity

Affected Products (2)

Ipados

Iphone Os

Affected Vendors

Apple

References (8)

Release Notes https://support.apple.com/en-us/122173

Release Notes https://support.apple.com/en-us/122174

Release Notes https://support.apple.com/en-us/122345

Release Notes https://support.apple.com/en-us/122346

Mailing List http://seclists.org/fulldisclosure/2025/Apr/7

Mailing List http://seclists.org/fulldisclosure/2025/Feb/7

Mailing List http://seclists.org/fulldisclosure/2025/Feb/8

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...

/ 100

high-risk

Severity 20/34 · Moderate

Exploitability 24/34 · High

Exposure 7/34 · Low