Description
This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26. Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen.
Published: 2025-09-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Authentication bypass allowing FaceTime calls on a locked macOS device
Action: Apply update
AI Analysis

Impact

A flaw in macOS state management permits incoming FaceTime calls to appear or be accepted while the device is locked, even when lock‑screen notifications are disabled. The weakness enables an attacker to bypass normal authentication requirements for FaceTime access, classified as CWE‑287. The vulnerability does not provide remote code execution but can lead to unauthorized communication and potential privacy violations.

Affected Systems

Apple macOS systems prior to the release of macOS Tahoe 26 are affected. The issue is fixed in macOS Tahoe 26 and later versions; earlier releases remain vulnerable.

Risk and Exploitability

With a CVSS score of 7.5 the vulnerability is considered high severity. The EPSS score of less than 1% indicates a low exploitation probability at the moment, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a local or remote FaceTime client initiating a call to a device that is locked, bypassing the lock screen’s authentication checks.

Generated by OpenCVE AI on April 27, 2026 at 23:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the macOS system to version 26 or later to obtain the state‑management fix.
  • If an update is not immediately available, disable FaceTime or block incoming calls in the FaceTime settings as a temporary measure.
  • Re‑enable lock‑screen notifications or use a vendor‑provided configuration to prevent FaceTime calls from surfacing on the lock screen until a patch is applied.



Advisories
Source: EUVD
ID: EUVD-2025-29298
Title: This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26. Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen.

History

Mon, 03 Nov 2025 19:30:00 +0000

Type: References

Wed, 17 Sep 2025 13:45:00 +0000

Type: CPEs
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 17 Sep 2025 11:00:00 +0000

Type: First Time appeared
Values Added: Apple; Apple macos

Type: Vendors & Products
Values Added: Apple; Apple macos

Tue, 16 Sep 2025 18:15:00 +0000

Type: Weaknesses
Values Added: CWE-287

Type: Metrics
Values Added:
cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}
ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 15 Sep 2025 22:45:00 +0000

Type: Description
Values Added: This issue was addressed through improved state management. This issue is fixed in macOS Tahoe 26. Incoming FaceTime calls can appear or be accepted on a locked macOS device, even with notifications disabled on the lock screen.

Type: References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:20:51.148Z

Reserved: 2025-03-27T16:13:58.343Z

Link: CVE-2025-31271

Vulnrichment

Updated: 2025-11-03T18:09:20.146Z

NVD

Status: Modified

Published: 2025-09-15T23:15:30.257

Modified: 2025-11-03T19:15:51.490

Link: CVE-2025-31271

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T00:00:18Z

Weaknesses