Description
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Published: 2025-02-10
Score: 6.1 Medium
EPSS: 43.5% Moderate
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

An authorization issue in Appleā€™s iOS and iPadOS systems was detected, where improper state management could allow an attacker to disable the USB Restricted Mode on a locked device. This flaw could enable the attacker to bypass hardware restrictions and potentially gain unauthorized access or elevate privileges on the affected device. The weakness is classified as CWE-863.

Affected Systems

The flaw affects Apple devices running iOS and iPadOS versions older than iOS 15.8.4, iOS 16.7.11, and iOS 18.3.1, and older than iPadOS 15.8.4, iPadOS 16.7.11, iPadOS 18.3.1, and iPadOS 17.7.5. These earlier firmware releases remain vulnerable until an update is installed.

Risk and Exploitability

The CVSS score is 6.1, indicating a moderate severity, but the EPSS score of 44% signals a relatively high probability of exploitation. The vulnerability is listed in the CISA KEV catalog, underscoring that it has been targeted in at least one highly sophisticated attack. The attack vector is inferred to be physical, requiring an attacker to obtain access to the locked device to disable USB Restricted Mode, after which further exploitation may be possible.

Generated by OpenCVE AI on May 12, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to the latest supported iOS (15.8.4 or newer) or iPadOS (15.8.4 or newer) version that includes the fix.
  • Ensure that USB Restricted Mode remains enabled while the device is locked to prevent unauthorized physical access.
  • Limit physical access to the device and enforce good hygiene practices, such as using strong device passwords and enabling Find My iPhone.

Generated by OpenCVE AI on May 12, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 15:30:00 +0000

Type Values Removed Values Added
Title Authorization flaw disabling USB Restricted Mode on iOS/iPadOS devices

Mon, 11 May 2026 19:00:00 +0000

Type Values Removed Values Added
Title Authorization Flaw Allowing Disabling of USB Restricted Mode on Locked Devices

Tue, 28 Apr 2026 04:00:00 +0000

Type Values Removed Values Added
Title Authorization Flaw Allowing Disabling of USB Restricted Mode on Locked Devices

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
References

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 23:15:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 19:30:00 +0000

Type Values Removed Values Added
References

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.37248}

 epss

{'score': 0.37604}

Tue, 18 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Thu, 13 Feb 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os

Wed, 12 Feb 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-02-12'}

Wed, 12 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 11 Feb 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 11 Feb 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-863
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 11 Feb 2025 06:45:00 +0000

Type Values Removed Values Added
References

Mon, 10 Feb 2025 19:15:00 +0000

Type Values Removed Values Added
Description An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
References

Subscriptions

Apple Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:08.362Z

Reserved: 2025-01-17T00:00:44.999Z

Link: CVE-2025-24200

cve-icon Vulnrichment

Updated: 2025-11-03T21:07:31.682Z

cve-icon NVD

Status : Analyzed

Published: 2025-02-10T19:15:40.107

Modified: 2026-04-03T11:44:27.853

Link: CVE-2025-24200

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T15:15:18Z

Weaknesses