CVE-2025-24221

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-24221
This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain data may be accessible from an iOS backup.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/122371 Vendor Advisory
https://support.apple.com/en-us/122372 Vendor Advisory
https://support.apple.com/en-us/122378 Vendor Advisory
http://seclists.org/fulldisclosure/2025/Apr/12
http://seclists.org/fulldisclosure/2025/Apr/4
http://seclists.org/fulldisclosure/2025/Apr/5
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
History

02 Apr 2026, 19:19

Type Values Removed Values Added
Summary (en) This issue was addressed with improved data access restriction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Sensitive keychain data may be accessible from an iOS backup. (en) This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain data may be accessible from an iOS backup.

03 Nov 2025, 21:19

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2025/Apr/12 -
  • () http://seclists.org/fulldisclosure/2025/Apr/4 -
  • () http://seclists.org/fulldisclosure/2025/Apr/5 -

07 Apr 2025, 13:39

Type Values Removed Values Added
First Time Apple visionos
Apple iphone Os
Apple
Apple ipados
References () https://support.apple.com/en-us/122371 - () https://support.apple.com/en-us/122371 - Vendor Advisory
References () https://support.apple.com/en-us/122372 - () https://support.apple.com/en-us/122372 - Vendor Advisory
References () https://support.apple.com/en-us/122378 - () https://support.apple.com/en-us/122378 - Vendor Advisory
CPE cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Summary
  • (es) Este problema se solucionó mejorando la restricción de acceso a datos. Este problema se solucionó en visionOS 2.4, iOS 18.4, iPadOS 18.4 y iPadOS 17.7.6. Es posible acceder a datos confidenciales del llavero desde una copia de seguridad de iOS.

02 Apr 2025, 14:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE CWE-863

31 Mar 2025, 23:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-31 23:15

Updated : 2026-04-02 19:19

NVD link : CVE-2025-24221

Mitre link : CVE-2025-24221

CVE.ORG link : CVE-2025-24221

JSON object : View

Products Affected

apple

  • ipados
  • visionos
  • iphone_os
CWE
CWE-863

Incorrect Authorization