Unauthorized Access to Wi-Fi Profiles in Apple Devices
CVE-2025-31216

2.4LOW

Key Information:

Vendor: Apple
Status: iPad OS; iOS And iPad OS
Vendor: CVE Published:; 21 November 2025

What is CVE-2025-31216?

A flaw has been discovered in Apple's iPadOS and iOS that can allow an attacker with physical access to the device to manipulate and override managed Wi-Fi profiles. This vulnerability highlights critical concerns regarding access control and device security, prompting the need for immediate updates to the affected operating system versions to safeguard against potential unauthorized access.

Affected Version(s)

iOS and iPadOS < 18.5

iPadOS < 17.7

References

https://support.apple.com/en-us/122405

https://support.apple.com/en-us/122404

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2025
Vulnerability Reserved
Mar 27, 2025

JSON