CVE-2025-24200
Apple iOS and iPadOS Incorrect Authorization Vulnerability
CVSS
—
No CVSS
EPSS
4.4%
p90
KEV
YES
Feb 12, 2025
Exploit Today
77
0-100
Published: — · Last modified: —
4.4%EPSS · 30 days4.9%
2026-06-302026-07-17
Product
Apple / iOS and iPadOS
Vulnerability
Apple iOS and iPadOS Incorrect Authorization Vulnerability
Added to KEV
Feb 12, 2025
Remediate by
Mar 5, 2025
Known ransomware use
No
Summary description
Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://support.apple.com/en-us/122173 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24200
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2021-30983—85.5%
KEV—76Apple iOS and iPadOS Buffer Overflow Vulnerability—CVE-2023-41974—69.6%
KEV—71Apple iOS and iPadOS Use-After-Free Vulnerability—CVE-2022-42827—62.9%
KEV—69Apple iOS and iPadOS Out-of-Bounds Write Vulnerability—CVE-2023-42824—57.0%
KEV—67Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability—