CVE-2025-24220

State: PUBLISHED · Published: 2025-05-12 · Updated: 2026-04-02 · Assigner: apple

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.9. An app may be able to read a persistent device identifier.

CWE

CWE-200 — CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Affected

Apple / iOS and iPadOS — v=0 <18.4 [affected]
Apple / iPadOS — v=0 <17.7.9 [affected]

CVSS

(none)

References

https://support.apple.com/en-us/122371
https://support.apple.com/en-us/124148

Source

cvelistV5-main/cves/2025/24xxx/CVE-2025-24220.json