Description
This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.
Published: 2025-08-15
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Patch
AI Analysis

Impact

Apple Music Classical for Android versions prior to 2.3 contain a flaw that may cause the application to leak a user's credentials unexpectedly. The vulnerability is described as an information disclosure flaw, allowing an attacker to gain unauthorized access to stored authentication data. The disclosed data could be used to impersonate the user or to gain further access to other services the credentials authorize.

Affected Systems

The affected product is Apple Music Classical running on Android devices. Only versions before 2.3 are vulnerable; the fix is contained in Apple Music Classical 2.3 and later. The CVE is not listed in the CISA Known Exploited Vulnerabilities catalog, and the EPSS score indicates a very low, but non-zero, exploitation probability.

Risk and Exploitability

The CVSS score of 6.2 indicates moderate severity. The very low EPSS score (<1%) suggests that exploitation is unlikely under normal conditions, though targeted attacks remain possible. Because Apple advertises no remedy or workaround, the primary mitigation is to upgrade to a fixed version. Absence from KEV indicates no known active exploitation, but caution is advised because credential leakage can enable further attacks.

Generated by OpenCVE AI on April 28, 2026 at 00:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Apple Music Classical to version 2.3 or later on all Android devices.
  • Clear the app’s stored data via the device’s credential manager to remove any credentials that may have been exposed.
  • If an immediate update is not feasible, isolate the application by restricting its network access or using a mobile device management policy until the vulnerability is patched.


Advisories
Source: EUVD
ID: EUVD-2025-25051
Title: This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.
History

Tue, 28 Apr 2026 00:45:00 +0000

Type Values Removed Values Added
Title Apple Music Classical Android May Leak Credentials

Thu, 21 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple music Classical
CPEs cpe:2.3:a:apple:music_classical:*:*:*:*:*:android:*:*
Vendors & Products Apple music Classical

Mon, 18 Aug 2025 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 16 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple apple Music
Apple music
Google
Google android
Vendors & Products Apple
Apple apple Music
Apple music
Google
Google android

Fri, 15 Aug 2025 22:15:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved checks. This issue is fixed in Apple Music Classical 2.3 for Android. An app may be able to unexpectedly leak a user's credentials.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:34.748Z

Reserved: 2025-04-16T15:24:37.088Z

Link: CVE-2025-43201

Vulnrichment

Updated: 2025-08-18T12:30:55.944Z

NVD

Status: Analyzed

Published: 2025-08-15T22:15:31.930

Modified: 2025-08-21T20:03:09.447

Link: CVE-2025-43201

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T00:30:15Z
