Description
This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock.
Published: 2025-11-04
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Device Lock
Action: Apply Update
AI Analysis

Impact

Apple iOS and iPadOS devices have a flaw in state management that can cause the lock screen to become permanently inoperative. When the defect is triggered, the device may persistently fail to lock, effectively removing the ability to secure the device after a fault occurs. The vulnerability is categorized as CWE‑284 due to improper access control in the lock‑screen logic.

Affected Systems

Vulnerable firmware includes all iOS and iPadOS versions released prior to iOS 18.7.2, iPadOS 18.7.2, iOS 26.1, and iPadOS 26.1. Devices running these older releases may experience a lock‑screen failure; the state‑management fixes are included in the newer releases listed above.

Risk and Exploitability

The CVSS score of 7.5 indicates a high‑severity denial‑of‑service scenario, while the EPSS score of < 1% suggests that exploitation is currently unlikely with publicly available tools. The vulnerability is not listed in the CISA KEV catalog. The attack vector is not specified in the CVE entry; based on the description this issue may require a local fault that triggers the state‑management failure, but the precise exploit path is not documented.

Generated by OpenCVE AI on April 28, 2026 at 22:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install iOS 18.7.2 or later, or iPadOS 18.7.2 or later, to apply the state‑management fix.
  • Reboot the device and verify that the lock function works correctly.
  • If the lock still fails after the update, contact Apple Support for further assistance.


Advisories

No advisories yet.

History

Tue, 28 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Title Persistent Lock Failure in Apple iOS and iPadOS

Wed, 17 Dec 2025 21:00:00 +0000

Type Values Removed Values Added
Description
Removed: This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. A device may persistently fail to lock.
Added: This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock.
References

Wed, 05 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 05 Nov 2025 18:45:00 +0000

Type Values Removed Values Added
Description
Removed: This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock.
Added: This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. A device may persistently fail to lock.
References

Wed, 05 Nov 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Tue, 04 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Tue, 04 Nov 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipad Os
Vendors & Products Apple
Apple ios
Apple ipad Os

Tue, 04 Nov 2025 01:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed through improved state management. This issue is fixed in iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:13:39.347Z

Reserved: 2025-04-16T15:24:37.125Z

Link: CVE-2025-43454

Vulnrichment

Updated: 2025-11-04T20:43:14.571Z

NVD

Status: Modified

Published: 2025-11-04T02:15:50.933

Modified: 2025-12-17T21:16:05.417

Link: CVE-2025-43454

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T22:45:25Z

Weaknesses