Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
Published: 2025-11-04
Score: 2.4 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized viewing of notification contents on the Lock Screen
Action: Upgrade and Mitigate
AI Analysis

Impact

A logic flaw allows an attacker with physical access to an iOS or iPadOS device to read notification contents that appear on the Lock Screen. This flaw is an example of improper access control, exposing potentially sensitive information to anyone who can pick up the device, but it does not provide code execution or broader system compromise.

Affected Systems

Apple iOS and iPadOS devices running versions earlier than iOS 26 and iPadOS 26 are affected; the issue is fixed in those releases.

Risk and Exploitability

The CVSS score of 2.4 and an EPSS score of less than 1% indicate a low overall risk. Because the vulnerability requires physical possession of the device, it is unlikely to be abused widely. However, an attacker with access to an unattended device can read notifications and potentially acquire sensitive data displayed in them. The vulnerability is not listed in the CISA KEV catalog, which is consistent with its limited immediate threat, but it still warrants remediation to protect privacy.

Generated by OpenCVE AI on April 27, 2026 at 23:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to iOS 26 or iPadOS 26 to apply the vendor‑supplied fix.
  • If an update is not immediately possible, configure Settings → Notifications → Lock Screen to "Show Previews" = "Never" so that notification text does not appear on the Lock Screen.
  • Ensure that the device is protected with a strong passcode or biometric lock and is not left unattended, reducing the chance of an attacker gaining physical access.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
Title Physical Access Notification Exposure on iOS and iPadOS

Tue, 04 Nov 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipad Os
Vendors & Products Apple
Apple ios
Apple ipad Os

Tue, 04 Nov 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1: {'score': 2.4, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:23:36.334Z

Reserved: 2025-04-16T15:24:37.105Z

Link: CVE-2025-43309

Vulnrichment

Updated: 2025-11-04T15:11:08.478Z

NVD

Status: Analyzed

Published: 2025-11-04T02:15:37.733

Modified: 2025-11-04T16:57:15.023

Link: CVE-2025-43309

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:15:06Z