Description
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.
Published: 2025-05-12
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized auto‑answer calls via Siri on locked devices
Action: Immediate Patch
AI Analysis

Impact

A configuration issue allows an attacker to use Siri while a device is locked to enable Auto‑Answer Calls, which can lead to unintended voice‑call activation and potential privacy or service abuse. The flaw resides in how options are presented on a locked device, thereby exposing a privileged function without appropriate access controls. The vulnerability falls under CWE‑284, indicating a weakness in access control that permits unauthorized functional use.

Affected Systems

Apple iOS and iPadOS devices, including all iPhone and iPad models using the operating systems before the 18.4 release. The problem is fixed in iOS 18.4 and iPadOS 18.4; devices running earlier versions remain vulnerable.

Risk and Exploitability

The CVSS score of 9.1 classifies this as a critical flaw, yet the EPSS score is less than 1 %, suggesting a low current exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Attackers would need to invoke Siri while the device is locked, which typically requires local access or a compromised voice‑assistant session. No remote exploitation path is described in the available data, so the threat is primarily limited to scenarios where an attacker can trigger Siri on a locked device.

Generated by OpenCVE AI on April 28, 2026 at 11:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to iOS 18.4 or iPadOS 18.4, which removes the ability to enable Auto‑Answer Calls via Siri on a locked device
  • If an upgrade cannot be performed immediately, temporarily disable Siri on the locked device to prevent the execution of Auto‑Answer Commands
  • While awaiting the update, also disable or limit Auto‑Answer Calls in the device settings to stop automatic activation until the patch is applied

Generated by OpenCVE AI on April 28, 2026 at 11:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14801 This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.
References
Link Providers
https://support.apple.com/en-us/122371 cve-icon cve-icon
History

Tue, 28 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
Title Siri Auto‑Answer Calls on Locked iOS/iPadOS Devices

Tue, 27 May 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os

Wed, 14 May 2025 17:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.
References

Subscriptions

Apple Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:19:02.644Z

Reserved: 2025-03-22T00:04:43.717Z

Link: CVE-2025-30436

cve-icon Vulnrichment

Updated: 2025-05-14T16:18:24.861Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-12T22:15:20.927

Modified: 2025-05-27T13:58:06.607

Link: CVE-2025-30436

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T11:30:29Z

Weaknesses