CVE-2025-24221
Published Mar 31, 2025
Accessibility. A logging issue was addressed with improved data redaction.
Credit
Lehan Dilusha @zafer, an anonymous researcher, Uri Katz (Oligo Security), Hossein Lotfi @hosselot (Trend Micro Zero Day Initiative), Dominik Rath, Martin Kreichgauer (Google Chrome), Yutong Xiu @Sou1gh0st, Denis Tokarev @illusionofcha0s, Google Threat Analysis Group, wac (Trend Micro Zero Day Initiative), CVE-2024-9681, Andr.Ess, Kirin @Pwnrin, LFY @secsys (Fudan University), Anonymous (Trend Micro Zero Day Initiative), Wang Yu (Cyberserval), Michael (Biscuit) Thomas - @social.lol @biscuit, CVE-2024-48958, CVE-2025-27113, CVE-2024-56171, Alex Radocea (Supernetworks), Dave G. (Supernetworks), 风沐云烟 @binary_fmyy, Minghao Lin @Y1nKoc, Jonathan Bar Or @yo_yo_yo_jbo (Microsoft), Alexia Wilson (Microsoft), Christine Fossaceca (Microsoft), Jimmy, Mickey Jin @patch1t, Jaydev Ahire, @RenwaX23, Bing Shi (Alibaba Group), Wenchao Li (Alibaba Group), Xiaolong Bai (Alibaba Group), Luyi Xing (Indiana University Bloomington), Halle Winkler, Politepix theoffcuts.org, Andrew James Gonzalez, Alexander Heinrich @Sn0wfreeze, SEEMOO, TU Darmstadt & Mathy Vanhoef @vanhoefm, Jeroen Robben @RobbenJeroen, DistriNet, KU Leuven, Vsevolod Kokorin (Slonser) (Solidlab), Gary Kwong, Paul Bakker (ParagonERP), rheza @ginggilBesel, Zhongcheng Li (IES Red Team of ByteDance), Ron Masas (BREAKPOINT), pattern-f @pattern_F_, Gergely Kalman @gergely_kalman, mzzzz__, Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, Florian Draschbacher, Jax Reissner, Dalibor Milanovic, Syarif Muhammad Sajjad, Wojciech Regula (SecuRing), Abhay Kailasia @abhay_kailasia (C), Chi Yuan Chang (ZUSO ART), taikosoup, Bohdan Stasiuk @bohdan_stasiuk, YingQi Shi @Mas0nShi (DBAppSecurity's WeBin lab), Richard Hyunho Im with routezero.security @richeeta, Francisco Alonso @revskills, CVE-2025-24085, Ian Beer (Google Project Zero), Apple, Lukas Bernhard, Tashita Software Security, Xiangwei Zhang (Tencent Security YUNDING LAB), linjy (HKUS3Lab), chluo (WHUSecLab), Brendon Tiszka (Google Project Zero)
Affected Software
8 affected components, fixes available
Apple iPadOS <17.7.6
Apple iPadOS >=18.0 <18.4
Apple iPhone OS <18.4
Apple visionOS <2.4
Apple visionOS <2.4 (fix: 2.4)
Apple iOS <18.4 (fix: 18.4)
Apple iPadOS <18.4 (fix: 18.4)
Apple iPadOS <17.7.6 (fix: 17.7.6)
Event History
Mar 31, 2025
Data Sourced via Apple · 12:00 AM: Description, Weakness, Affected Software
Updated via Apple · 12:00 AM: Description, Weakness
Updated via Apple · 12:00 AM: Affected Software
CVE Published via MITRE · 10:22 PM
Data Sourced via MITRE · 10:22 PM: Description, Weakness
Data Sourced via NVD · 11:15 PM: Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2025-24221?
CVE-2025-24221 has been classified as a moderate severity vulnerability due to issues related to data access restriction.
2. How do I fix CVE-2025-24221?
To fix CVE-2025-24221, update your device to the latest version of iOS, iPadOS, or visionOS as specified in the updates.
3. What devices are affected by CVE-2025-24221?
CVE-2025-24221 affects multiple Apple devices running iPadOS versions up to 17.7.6 and versions 18.0 to 18.4, along with certain versions of iOS and visionOS.
4. Is there a known exploit for CVE-2025-24221?
As of now, there are no public reports of exploits leveraging CVE-2025-24221.
5. What types of issues does CVE-2025-24221 address?
CVE-2025-24221 addresses issues related to accessibility logging and data access restrictions that can potentially expose sensitive information.