Description
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.
Published: 2025-05-12
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Network Traffic Interception
Action: Patch
AI Analysis

Impact

An issue with state management in Apple iOS and iPadOS allows an attacker who is in a privileged network position to intercept network traffic sent by the device. The vulnerability is classified as CWE-300, Information Exposure. The potential impact is that sensitive data can be captured during transmission, compromising confidentiality of communications while on the same network.

Affected Systems

Apple iOS and iPadOS devices, any versions prior to 18.5, are affected. The fix is released in iOS 18.5 and iPadOS 18.5, so all earlier releases need updating.

Risk and Exploitability

The CVSS score of 8.1 indicates a high severity, but the EPSS score of <1% suggests a low probability of exploitation in the wild. It is not listed in CISA’s KEV catalog, reducing the likelihood of widespread use. The likely attack vector is a network‑based attack from a position with privileged network access, as the exploit requires the ability to observe traffic to the device.

Generated by OpenCVE AI on April 28, 2026 at 01:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to iOS 18.5 or iPadOS 18.5 to apply the state‑management fix.
  • If immediate upgrade is not possible, isolate the device from privileged networks or enforce network isolation measures to reduce exposure.
  • Review and harden network policies to prevent privileged users from observing traffic to the device.

Generated by OpenCVE AI on April 28, 2026 at 01:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14781 This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.
History

Tue, 28 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Title Potential Network Traffic Interception via Improper State Management in iOS/iPadOS

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Wed, 28 May 2025 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os

Thu, 15 May 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-300
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.
References

Subscriptions

Apple Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:10:42.108Z

Reserved: 2025-03-27T16:13:58.317Z

Link: CVE-2025-31214

cve-icon Vulnrichment

Updated: 2025-11-03T19:49:19.288Z

cve-icon NVD

Status : Modified

Published: 2025-05-12T22:15:22.350

Modified: 2025-11-03T20:18:18.403

Link: CVE-2025-31214

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T02:00:15Z

Weaknesses