CVE-2025-31267

{"id": "CVE-2025-31267", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2025-07-10T23:15:27.800", "references": [{"url": "https://support.apple.com/en-us/123356", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de autenticaci\u00f3n mejorando la gesti\u00f3n del estado. Este problema se solucion\u00f3 en App Store Connect 3.0. Un atacante con acceso f\u00edsico a un dispositivo desbloqueado podr\u00eda acceder a informaci\u00f3n confidencial del usuario."}], "lastModified": "2025-07-29T18:08:30.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:app_store_connect:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6656D3E8-79F4-4308-B649-48A828BF8AFC", "versionEndExcluding": "3.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}