Authorization Issue in iPadOS and iOS by Apple
CVE-2025-24200

6.1MEDIUM

Key Information:

Vendor
Apple
Status
iPad OS
iOS And iPad OS
Vendor
CVE Published:
10 February 2025

Badges

๐Ÿ”ฅ Trending now๐Ÿฅ‡ Trended No. 1๐Ÿ“ˆ Trended๐Ÿ“ˆ Score: 18,700๐Ÿ’ฐ Ransomware๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐Ÿฆ… CISA Reported๐Ÿ“ฐ News Worthy

What is CVE-2025-24200?

CVE-2025-24200 is a significant vulnerability identified in Apple's iPadOS and iOS operating systems, which are integral to the functionality of Apple mobile devices. This vulnerability relates to an authorization issue that could be exploited to bypass security features, specifically targeting the USB Restricted Mode on locked devices. Such an exploitation could allow unauthorized physical access to sensitive data on the device, undermining the security and integrity of organizational data. Given the widespread use of Apple devices in various environments, including corporate settings, this vulnerability poses a notable risk to organizational security.

Technical Details

The vulnerability is categorized as an authorization issue that stemmed from insufficient state management within the iPadOS and iOS frameworks. It allows individuals with physical access to the device to potentially disable USB Restricted Mode, which is designed to limit access to data via USB connections when the device is locked. Apple has addressed this vulnerability in the updates for iPadOS 17.7.5, iOS 18.3.1, and iPadOS 18.3.1 to strengthen device security and prevent unauthorized access attempts.

Potential impact of CVE-2025-24200

  1. Unauthorized Data Access: If exploited, this vulnerability could allow unauthorized individuals to gain access to sensitive information stored on the device, which could include corporate emails, contacts, and files.

  2. Targeted Attacks on Individuals: The nature of the vulnerability suggests it may be leveraged in highly sophisticated attacks against specific individuals, potentially leading to targeted data breaches that could compromise sensitive information.

  3. Erosion of Trust in Device Security: The existence of such an authorization issue can lead organizations to question the integrity of their mobile device management practices and the overall security posture of their deployed Apple devices. This could result in increased scrutiny on device security protocols and loss of confidence in the security measures employed by vendors.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

iOS and iPadOS < 18.3

iPadOS < 17.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-24200
Created by McTavishSue

News Articles

favicon imageThe Economic Times

iPhone Security Alert: Apple releases emergency iOS update to fix data leak vulnerability

Apple has released an urgent iOS and iPadOS update (18.3.1) to patch a critical security vulnerability (CVE-2025-24200) that allows attackers with physical access to bypass USB Restricted Mode on locked devices. Discovered by The Citizen Lab, the flaw has been exploited in highly targeted attacks. S...

1 week ago

favicon imageThe Cyber Express

Apple Patches Critical IOS Zero-Day CVE-2025-24200

Apple releases emergency updates for iOS and iPadOS to fix CVE-2025-24200, a zero-day vulnerability exploited to bypass USB security on locked devices.

1 week ago

References

https://support.apple.com/en-us/122173
https://support.apple.com/en-us/122174

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ’ฐ

    Used in Ransomware

  • ๐Ÿฆ…

    CISA Reported

  • ๐Ÿฅ‡

    Vulnerability reached the number 1 worldwide trending spot

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿ“ฐ

    First article discovered by GBHackers News

  • ๐Ÿ“ˆ

    Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

.