CVE-2025-30436: Input Validation

Q: What is the severity of CVE-2025-30436?

CVE-2025-30436 is recognized as a medium severity vulnerability impacting security on locked devices.

Q: How do I fix CVE-2025-30436?

To mitigate CVE-2025-30436, users should update their devices to iOS 18.4 or iPadOS 18.4.

Q: What devices are affected by CVE-2025-30436?

CVE-2025-30436 affects Apple iOS and iPadOS versions prior to 18.4.

Q: What is the impact of CVE-2025-30436?

An exploit of CVE-2025-30436 could allow attackers to enable Auto-Answer Calls on a locked device using Siri.

Q: When was CVE-2025-30436 addressed?

CVE-2025-30436 was addressed and fixed in the updates released for iOS and iPadOS on version 18.4.

Published Mar 31, 2025

Updated

Accessibility. A logging issue was addressed with improved data redaction.

Other sources

Accounts. This issue was addressed with improved data access restriction.

— Apple

AirDrop. A permissions issue was addressed with additional restrictions.

— Apple

AirPlay. A null pointer dereference was addressed with improved input validation.

— Apple

AirPlay. A type confusion issue was addressed with improved checks.

— Apple

AirPlay. A use-after-free issue was addressed with improved memory management.

— Apple

Credit

Zhongcheng Li(IES Red Team of ByteDance), Lehan Dilusha@@zafer, an anonymous researcher, Ron Masas(BREAKPOINT), Uri Katz (Oligo Security), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Dominik Rath, Martin Kreichgauer(Google Chrome), Yutong Xiu@@Sou1gh0st, Denis Tokarev@@illusionofcha0s, Google Threat Analysis Group, wac(Trend Micro Zero Day Initiative), pattern-f@@pattern_F_, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), CVE-2024-9681, Gergely Kalman@@gergely_kalman, Andr.Ess, Kirin@@Pwnrin, LFY@@secsys(Fudan University), mzzzz__, Anonymous(Trend Micro Zero Day Initiative), Wang Yu(Cyberserval), Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, Michael (Biscuit) Thomas - @social.lol@@biscuit, Ian Beer(Google Project Zero), CVE-2024-48958, CVE-2025-27113, CVE-2024-56171, Alex Radocea(Supernetworks), Dave G.(Supernetworks), 风沐云烟@@binary_fmyy, Minghao Lin@@Y1nKoc, Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), Alhour@@NSAntoine, Florian Draschbacher, Jimmy, Jax Reissner, Dalibor Milanovic, Mickey Jin@@patch1t, Jaydev Ahire, @@RenwaX23, Syarif Muhammad Sajjad, Wojciech Regula(SecuRing), Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Luyi Xing(Indiana University Bloomington), Halle Winkler, Politepix theoffcuts.org, Andrew James Gonzalez, Abhay Kailasia@@abhay_kailasia(C), Chi Yuan Chang(ZUSO ART), taikosoup, Bohdan Stasiuk@@bohdan_stasiuk, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Richard Hyunho Im with routezero.security@@richeeta, Alexander Heinrich@@Sn0wfreeze, SEEMOO, TU Darmstadt & Mathy Vanhoef@@vanhoefm, Jeroen Robben@@RobbenJeroen, DistriNet, KU Leuven, Vsevolod Kokorin (Slonser)(Solidlab), Gary Kwong, Paul Bakker(ParagonERP), Francisco Alonso@@revskills, rheza@@ginggilBesel

Affected Software

6 affected componentsFixes available

Apple iOS and iPadOS<18.4

Apple iOS, iPadOS, and macOS<18.4

iPhone OS<18.4

Apple iOS and iPadOS<18.4

18.4

Apple iOS, iPadOS, and macOS<18.4

18.4

Event History

Mar 31, 2025

Data Sourced

via Apple·12:00 AM

DescriptionWeaknessAffected Software

Updated

via Apple·12:00 AM

DescriptionWeakness

Updated

via Apple·12:00 AM

Description

May 12, 2025

CVE Published

via MITRE·09:42 PM

Data Sourced

via MITRE·09:42 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

APPLE-122371

Peer vulnerabilities

Found alongside the following vulnerabilities.

CVE-2025-24202
CVE-2025-24221
CVE-2025-24097
CVE-2025-24271
CVE-2025-24270
CVE-2025-31202
CVE-2025-24252
CVE-2025-24206
CVE-2025-30445
CVE-2025-24251
CVE-2025-31197
CVE-2025-43205
CVE-2025-24244
CVE-2025-24243
CVE-2025-30430
CVE-2025-24180
CVE-2025-24237
CVE-2025-30429
CVE-2025-24212
CVE-2025-24163
CVE-2025-24230
CVE-2025-31196
CVE-2025-24211
CVE-2025-24190
CVE-2025-30454
CVE-2025-31191
CVE-2025-24182
CVE-2025-31203
CVE-2024-9681
CVE-2025-30456
CVE-2025-30439
CVE-2025-24283
CVE-2025-30447
CVE-2025-30463
CVE-2025-24210
CVE-2025-24257
CVE-2025-30434
CVE-2025-30432
CVE-2025-24203
CVE-2024-48958
CVE-2025-24194
CVE-2025-27113
CVE-2024-56171
CVE-2025-24178
CVE-2025-31182
CVE-2025-24238
CVE-2025-31199
CVE-2025-30470
CVE-2025-46308
CVE-2025-24193
CVE-2025-30426
CVE-2025-30428
CVE-2025-30469
CVE-2025-24173
CVE-2025-24095
CVE-2025-30466
CVE-2025-24113
CVE-2025-30467
CVE-2025-31192
CVE-2025-24167
CVE-2025-24220
CVE-2025-30471
CVE-2025-30438
CVE-2025-30433
CVE-2025-30436
CVE-2025-31183
CVE-2025-24217
CVE-2025-24214
CVE-2025-24205
CVE-2025-24198
CVE-2025-31184
CVE-2025-24192
CVE-2025-24264
CVE-2025-24216
CVE-2025-24209
CVE-2025-24208
CVE-2025-30427
CVE-2025-30425

Frequently Asked Questions

What is the severity of CVE-2025-30436?

CVE-2025-30436 is recognized as a medium severity vulnerability impacting security on locked devices.

How do I fix CVE-2025-30436?

To mitigate CVE-2025-30436, users should update their devices to iOS 18.4 or iPadOS 18.4.

What devices are affected by CVE-2025-30436?

CVE-2025-30436 affects Apple iOS and iPadOS versions prior to 18.4.

What is the impact of CVE-2025-30436?

An exploit of CVE-2025-30436 could allow attackers to enable Auto-Answer Calls on a locked device using Siri.

When was CVE-2025-30436 addressed?

CVE-2025-30436 was addressed and fixed in the updates released for iOS and iPadOS on version 18.4.

CVE-2025-30436: Input Validation

Other sources

Credit

Affected Software

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-30436?

How do I fix CVE-2025-30436?

What devices are affected by CVE-2025-30436?

What is the impact of CVE-2025-30436?

When was CVE-2025-30436 addressed?

Company

Resources

Contact