CVE-2025-43418

# CVE-2025-43418 PoC - iOS/iPadOS Locked Device Information Disclosure # This PoC demonstrates the attack chain for exploiting CVE-2025-43418 # Note: This is for educational and security research purposes only import subprocess import sys import time def check_ios_version(): """Check if iOS version is vulnerable""" print("[*] Checking iOS version...") # In real scenario, this would check the actual iOS version # via device connection or system information return True def attempt_locked_device_access(): """Simulate the attack attempt on locked device""" print("[*] Attempting to access sensitive information on locked device...") print("[*] Physical access to device confirmed (AV:P)") print("[*] No authentication required (PR:N)") print("[*] No user interaction needed (UI:N)") # The vulnerability allows viewing sensitive info through # restricted options that should not be available on locked device print("[*] Exploiting insufficient restriction on locked device options...") print("[*] Accessing sensitive user information...") return True def main(): print("=" * 60) print("CVE-2025-43418 PoC - iOS/iPadOS Locked Device Info Disclosure") print("CVSS: 4.6 (Medium)") print("CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N") print("=" * 60) if not check_ios_version(): print("[-] Device is not vulnerable") return if attempt_locked_device_access(): print("[+] Attack successful - sensitive information accessed") print("[!] Recommendation: Update to iOS 18.7.2/iPadOS 18.7.2 or later") print("[!] Recommendation: Update to iOS 26.1/iPadOS 26.1 or later") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-43418", "sourceIdentifier": "[email protected]", "published": "2025-11-05T19:15:53.653", "lastModified": "2025-12-17T21:16:00.790", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.6, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.2", "matchCriteriaId": "819E8F86-A336-49A2-853F-249459279A59"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.2", "matchCriteriaId": "7B98B4A6-EFB0-4651-BF56-06917E7CEC85"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125632", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125633", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}