CVE-2025-24200 - Apple iOS and iPadOS Incorrect Authorization Vulnerability

Apple | iOS and iPadOS

• Date Added:
• 2025-02-12

• Due Date:
• 2025-03-05

Vulnerability Name

Apple iOS and iPadOS Incorrect Authorization Vulnerability

Description

Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://support.apple.com/en-us/122173 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24200

Latest Security News

Microsoft: Hackers steal emails in device code phishing attacks

Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls

Hackers exploit authentication bypass in Palo Alto Networks PAN-OS

New "whoAMI" Attack Exploits AWS AMI Name Confusion for Remote Code Execution

This Security Firm's 'Bias' Is Also Its Superpower

Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

SonicWall firewall bug leveraged in attacks after PoC exploit release

PirateFi game on Steam caught installing password-stealing malware

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Latest CVE List

CVE-2024-57727 SimpleHelp Path Traversal Vulnerability

CVE-2024-41710 Mitel SIP Phones Argument Injection Vulnerability

CVE-2025-24200 Apple iOS and iPadOS Incorrect Authorization Vulnerability

CVE-2025-21391 Microsoft Windows Storage Link Following Vulnerability

CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability

CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability

CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability

CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability

CVE-2022-23748 Dante Discovery Process Control Vulnerability

Common CWEs

LowCWE-64 Windows Shortcut Following (.LNK)

CWE-1269 Product Released in Non-Release Configuration

CWE-666 Operation on Resource in Wrong Phase of Lifetime

CWE-392 Missing Report of Error Condition

MediumCWE-771 Missing Reference to Active Allocated Resource

CWE-1267 Policy Uses Obsolete Encoding

CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

CWE-292 DEPRECATED: Trusting Self-reported DNS Name

MediumCWE-460 Improper Cleanup on Thrown Exception

CWE-924 Improper Enforcement of Message Integrity During Transmission in a Communication Channel