Security Vulnerability Report
CVE-2025-43350 CVSS 2.4 LOW

Published: 2025-11-04 02:15:42
Last Modified: 2025-11-05 15:15:34

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen.

CVSS Details

CVSS Score: 2.4
Severity: LOW
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
Apple iOS < 26.1
Apple iPadOS < 26.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2025-43350 PoC - Physical Access Required
// Note: This vulnerability requires physical access to the device.
//
// Attack Scenario Description:
// 1. Attacker gains physical access to a locked device running iOS/iPadOS earlier than 26.1
// 2. Attacker performs specific UI interactions on lock screen
// 3. Attacker bypasses permission checks to view restricted content
//
// This is a physical access vulnerability, standard PoC code is not applicable.
// The attack requires manual interaction with the device's lock screen.
// Reference: https://support.apple.com/en-us/125632
// Mitigation: Update to iOS 26.1 or iPadOS 26.1

// Compare dotted version strings numerically; returns <0, 0 or >0.
const compareVersion = (a, b) => {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
};

// Example verification script (conceptual):
const verifyFix = (version = '26.1') => {
  const deviceInfo = { os: 'iOS', version, vulnerable: false };
  // Versions earlier than 26.1 do not contain the fix
  if (compareVersion(deviceInfo.version, '26.1') < 0) {
    deviceInfo.vulnerable = true;
    console.log('Device is vulnerable to CVE-2025-43350');
  }
  return deviceInfo;
};

References

https://support.apple.com/en-us/125632 (Release Notes, Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43350", "sourceIdentifier": "[email protected]", "published": "2025-11-04T02:15:42.240", "lastModified": "2025-11-05T15:15:34.497", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker may be able to view restricted content from the lock screen."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 2.4, "baseSeverity": "LOW", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-276"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "6D51AEDC-9086-4010-B3BF-C652D65D09C8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.1", "matchCriteriaId": "3981A7BE-BC98-4C6F-AE38-D68839368925"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125632", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}