Description
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen.
Published: 2025-11-04
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Disclosure
Action: Apply Patch
AI Analysis

Impact

The vulnerability originates from the way iOS and iPadOS present keyboard suggestions when a device is locked. The system may display snippets of previously typed sensitive text, such as passwords or personal messages, on the lock screen. This provides an information disclosure vector that could allow anyone physically in possession of the device to view that data without unlocking it. The weakness corresponds to CWE-359, Sensitive Information Exposure.

Affected Systems

Apple iOS and iPadOS devices running versions earlier than iOS 26.1 or iPadOS 26.1 are affected. The fix is included in the 26.1 releases.

Risk and Exploitability

The CVSS score is 4.6, indicating medium severity with impact limited to confidentiality. The EPSS score is less than 1%, suggesting a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Because the data may be displayed on the lock screen, local or physical access is the most likely attack vector. The consequence is limited to data leakage.

Generated by OpenCVE AI on April 28, 2026 at 10:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to iOS 26.1 or iPadOS 26.1 to receive the vendor patch.
  • Until the update can be applied, disable lock‑screen keyboard suggestions via Settings → General → Keyboard if the option is available, to stop sensitive suggestions from appearing.
  • Set the device to use a conservative screen lock timeout to reduce the window where keyboard suggestions could be displayed.
  • Enforce a strong alphanumeric passcode or biometric authentication to limit physical access.

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 11:00:00 +0000

Type: Title
Values Added: Sensitive Data Leakage through Keyboard Suggestions on Lock Screen

Wed, 05 Nov 2025 15:15:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
Values Added: cvssV3_1 {'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Tue, 04 Nov 2025 19:00:00 +0000

Type: First Time appeared
Values Added: Apple iphone Os

Type: CPEs
Values Added: cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple iphone Os

Tue, 04 Nov 2025 17:15:00 +0000

Type: Weaknesses
Values Added: CWE-359

Type: Metrics
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 04 Nov 2025 16:45:00 +0000

Type: First Time appeared
Values Added: Apple, Apple ios, Apple ipados

Type: Vendors & Products
Values Added: Apple, Apple ios, Apple ipados

Tue, 04 Nov 2025 01:45:00 +0000

Type: Description
Values Added: This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:20.594Z

Reserved: 2025-04-16T15:24:37.125Z

Link: CVE-2025-43452

Vulnrichment

Updated: 2025-11-04T16:15:58.296Z

NVD

Status: Modified

Published: 2025-11-04T02:15:50.837

Modified: 2025-11-05T15:15:37.240

Link: CVE-2025-43452

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T10:45:29Z