CVE-2025-24104 - Vulnerability Details

Description

This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files.

Published: 2025-01-27

Score: 5.5 Medium

EPSS: 3.3% Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability arises from insufficient path validation when restoring backup files on Apple iOS and iPadOS devices. An attacker who can supply a maliciously crafted backup file can cause the system to follow a symbolic link that points to a protected file and overwrite it. The result is an unauthorized modification of critical system files, potentially compromising device integrity and undermining security features.

Affected Systems

The flaw affects Apple iOS and iPadOS devices running versions older than iOS 18.3 and iPadOS 18.3 or 17.7.4. All models that support these operating system releases are affected, as noted in the Apple support references.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate impact, and the EPSS score of 3 % suggests a low‑to‑moderate likelihood of exploitation. Because the flaw requires a malicious backup file to be restored, the likely attack vector involves a user or attacker initiating a restore or a corrupted iCloud backup sync. The vulnerability is not listed in the CISA KEV catalog, indicating no publicly confirmed exploits in the wild at this time.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

iOS and iPadOS

affected

Version	Status	Constraints
`0`	affected	< 18.3

Apple

iPadOS

affected

Version	Status	Constraints
`0`	affected	< 17.7.4

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update all affected devices to iOS 18.3, iPadOS 18.3, or iPadOS 17.7.4 to apply the fix for the symlink handling issue.
Delete any potentially compromised backups and restore the device from a clean backup or perform a factory reset.
Enforce checks during backup restoration to block symlink traversal, mitigating the path validation flaw identified as CWE‑59.

Generated by OpenCVE AI on April 28, 2026 at 19:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-3619	This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, iOS 18.3 and iPadOS 18.3. Restoring a maliciously crafted backup file may lead to modification of protected system files.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.03332.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Jan/14
https://support.apple.com/en-us/122066
https://support.apple.com/en-us/122067

History

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, iOS 18.3 and iPadOS 18.3. Restoring a maliciously crafted backup file may lead to modification of protected system files.	This issue was addressed with improved handling of symlinks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4. Restoring a maliciously crafted backup file may lead to modification of protected system files.

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Jan/14

Wed, 05 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 30 Jan 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os
Weaknesses		CWE-59
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N'}`

Mon, 27 Jan 2025 22:00:00 +0000

Type	Values Removed	Values Added
Description		This issue was addressed with improved handling of symlinks. This issue is fixed in iPadOS 17.7.4, iOS 18.3 and iPadOS 18.3. Restoring a maliciously crafted backup file may lead to modification of protected system files.
References		https://support.apple.com/en-us/122066 https://support.apple.com/en-us/122067

Subscriptions

Apple Ipados Iphone Os

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-01-27T21:45:35.220Z

Updated: 2026-04-02T18:10:33.903Z

Reserved: 2025-01-17T00:00:44.968Z

Link: CVE-2025-24104

Vulnrichment

Updated: 2025-01-28T20:22:15.060Z

NVD

Status : Modified

Published: 2025-01-27T22:15:15.983

Modified: 2026-04-02T19:19:00.037

Link: CVE-2025-24104

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:15:25Z

Weaknesses

CWE-59

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object