Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.
Published: 2025-05-19
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized viewing of photos
Action: Apply Patch
AI Analysis

Impact

A logic flaw in iOS and iPadOS allows photos stored in the Hidden Photos Album to be accessed without authentication, exposing personal images to anyone who has local device access. This unauthorized disclosure of confidential visual data compromises privacy.

Affected Systems

Apple iOS and iPadOS devices running any OS version prior to iOS 18.3 or iPadOS 18.3, which contain the unpatched logic issue in the Hidden Photos handling.

Risk and Exploitability

The CVSS score of 3.3 indicates moderate severity, and the EPSS score of less than 1 % suggests a low likelihood of exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the most likely attack vector is local access to the device, requiring the attacker to have physical possession or already compromise the device through another vulnerability.

Generated by OpenCVE AI on April 28, 2026 at 11:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest iOS 18.3 or iPadOS 18.3 update to apply the fix for the Hidden Photos Album vulnerability.
  • Move all confidential photos currently stored in Hidden Photos into a secure, authenticated photo library or cloud service before the update is applied.
  • Enforce a strong device passcode and enable full‑device encryption to limit local access to the photo data until the operating system is patched.

Generated by OpenCVE AI on April 28, 2026 at 11:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-15733 A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.
References
Link Providers
https://support.apple.com/en-us/122066 cve-icon cve-icon
History

Tue, 28 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
Title Hidden Photos Album Can Be Viewed Without Authentication

Wed, 28 May 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os

Mon, 19 May 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 19 May 2025 17:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Mon, 19 May 2025 16:15:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.
References

Subscriptions

Apple Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:10:34.891Z

Reserved: 2025-03-27T16:13:58.311Z

Link: CVE-2025-31185

cve-icon Vulnrichment

Updated: 2025-05-19T16:49:35.714Z

cve-icon NVD

Status : Analyzed

Published: 2025-05-19T16:15:29.187

Modified: 2025-05-28T14:19:08.990

Link: CVE-2025-31185

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T11:30:29Z

Weaknesses