Description
The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed.
Published: 2025-11-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a graphical user interface flaw that may allow password fields to be unintentionally exposed, potentially revealing user credentials to local processes or a malicious observer. The issue was resolved in iOS 26 and iPadOS 26, and Apple marked it as an information‑disclosure flaw with a CVSS score of 5.5, indicating moderate confidentiality impact.

Affected Systems

The flaw affects all Apple iOS and iPadOS devices running a version older than 26. Users whose devices have not been upgraded remain susceptible, while devices updated to iOS 26 or iPadOS 26 incorporate the UI fix that prevents inadvertent password exposure.

Risk and Exploitability

The EPSS score is less than 1%, and the vulnerability is not included in the CISA KEV catalog, suggesting a low likelihood of large‑scale exploitation. Nevertheless, the disclosure of passwords presents a significant privacy risk, especially if an attacker can manipulate the UI or capture the screen. The CVSS score of 5.5 reflects a moderate risk that should prompt timely remediation once the update becomes available.

Generated by OpenCVE AI on April 27, 2026 at 23:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to iOS 26 or iPadOS 26 to apply the official UI fix that prevents passwords from being unintentionally revealed.
  • If an update cannot be applied immediately, avoid using password fields in publicly viewable screens and disable any third‑party apps that may expose secure input elements.
  • Closely monitor Apple’s security advisories for any new patches or further guidance related to password field disclosure.



Advisories

No advisories yet.

History

Mon, 27 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Title Unintended Password Field Disclosure in iOS and iPadOS

Mon, 01 Dec 2025 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200

Tue, 04 Nov 2025 17:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipad Os
Vendors & Products Apple
Apple ios
Apple ipad Os

Tue, 04 Nov 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved UI. This issue is fixed in iOS 26 and iPadOS 26. Password fields may be unintentionally revealed.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:14:36.970Z

Reserved: 2025-04-16T15:24:37.112Z

Link: CVE-2025-43360

Vulnrichment

Updated: 2025-11-04T15:36:55.926Z

NVD

Status : Modified

Published: 2025-11-04T02:15:43.570

Modified: 2025-12-01T20:15:50.750

Link: CVE-2025-43360

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T23:30:15Z

Weaknesses