Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.
Published: 2025-05-12
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Update
AI Analysis

Impact

A logic flaw in Apple iOS and iPadOS allows an application to enumerate the list of other applications installed on the device, exposing sensitive user behavior. This defect falls under a confidentiality breach (CWE‑200) and can reveal the presence of privacy‑sensitive apps or user activity patterns.

Affected Systems

Apple’s iOS and iPadOS operating systems are affected. The vulnerability applies to all releases prior to iOS 18.5 and iPadOS 18.5, which contain the fix. Versions older than 18.5 remain susceptible.

Risk and Exploitability

The CVSS score of 7.7 reflects a high severity for information disclosure. The EPSS score of less than 1% indicates a very low probability of widespread exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog, and no exploits have been reported publicly. The likely attack vector is a legitimate or sideloaded app that includes a code path capable of requesting and reading the installed‑app list, which an attacker can use to infer user behavior.

Generated by OpenCVE AI on April 28, 2026 at 01:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to iOS 18.5 or iPadOS 18.5 to apply the vendor patch.
  • Review installed applications and remove any that are unnecessary or untrusted.
  • Configure or disable application‑level permissions that allow enumeration of installed apps, if available in the OS settings.

Generated by OpenCVE AI on April 28, 2026 at 01:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14782 A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.
History

Tue, 28 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title App Enumeration Vulnerability in iOS and iPadOS

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 27 May 2025 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os

Wed, 14 May 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 7.7, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.
References

Subscriptions

Apple Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:18:38.693Z

Reserved: 2025-03-27T16:13:58.316Z

Link: CVE-2025-31207

cve-icon Vulnrichment

Updated: 2025-11-03T19:48:47.509Z

cve-icon NVD

Status : Modified

Published: 2025-05-12T22:15:21.810

Modified: 2025-11-03T20:18:17.503

Link: CVE-2025-31207

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T02:00:15Z

Weaknesses