Logic Issue in iOS and iPadOS Allows App Enumeration
CVE-2025-31207

7.7HIGH

Key Information:

Vendor: Apple
Status: iOS And iPad OS
Vendor: CVE Published:; 12 May 2025

What is CVE-2025-31207?

A logic issue in iOS and iPadOS may allow a malicious app to enumerate the installed applications on a user's device. This could lead to potential privacy breaches, where sensitive information about user preferences and installations could be exposed. The issue has been addressed with enhanced checks in the latest versions, ensuring that apps cannot gain unauthorized access to this information.

Affected Version(s)

iOS and iPadOS < 18.5

References

https://support.apple.com/en-us/122404

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2025
Vulnerability Reserved
Mar 27, 2025

Apple

What is CVE-2025-31207?

Affected Version(s)

References

CVSS V3.1

Timeline