Description
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.
Published: 2025-03-31
Score: 2.4 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized photo access from lock screen with physical access
Action: Apply Patch
AI Analysis

Impact

An Apple iOS and iPadOS vulnerability allows a person with physical access to a device to retrieve photos from the lock screen. The flaw is tied to improper authorization controls that expose private media without authentication. Because the issue is limited to accessing local media files and does not enable code execution or system compromise, the overall impact is a privacy breach rather than a full compromise of the device.

Affected Systems

The affected vendor is Apple, and the affected products are iOS and iPadOS. The vulnerability is fixed in iOS 18.4 and iPadOS 18.4; affected releases are those older than 18.4, though specific version ranges are not enumerated in the advisory.

Risk and Exploitability

The CVSS score of 2.4 indicates low severity, and the EPSS score of less than 1% suggests a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. An attack requires the attacker to be in physical proximity to the device and to have access to the lock screen, so the APT risk is limited. There is no known public exploit, and the attack vector is inferred to be local physical access based on the description.

Generated by OpenCVE AI on April 28, 2026 at 11:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to iOS 18.4 or iPadOS 18.4, which contains the state‑management fix.
  • After the update, restart the device to ensure the new state‑management policy is active.
  • Confirm that photo previews are disabled from the lock screen by checking Settings → Privacy → Photos → Lock Screen Access (if available).

Advisories
Source: EUVD
ID: EUVD-2025-8907
Title: This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.

History

Tue, 28 Apr 2026 12:15:00 +0000

Type: Title
Values Removed: (none)
Values Added: Unauthorized Photo Access from Lock Screen with Physical Access

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 19:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple; Apple ipados; Apple iphone Os

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*; cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple; Apple ipados; Apple iphone Os

Wed, 02 Apr 2025 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 02 Apr 2025 14:45:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-863

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 2.4, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Mon, 31 Mar 2025 22:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4. A person with physical access to an iOS device may be able to access photos from the lock screen.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:23.924Z

Reserved: 2025-03-22T00:04:43.723Z

Link: CVE-2025-30469

Vulnrichment

Updated: 2025-11-03T21:16:16.314Z

NVD

Status: Modified

Published: 2025-03-31T23:15:28.107

Modified: 2025-11-03T22:18:49.157

Link: CVE-2025-30469

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T12:00:13Z

Weaknesses