CVE-2025-24091

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Apr 30, 2025

Updated: May 12, 2025

CWE ID 290

Summary

CVE-2025-24091: A vulnerability was discovered in iOS and iPadOS where an app could impersonate system notifications, potentially leading to confusion and trust issues for users. To mitigate this risk, Apple has introduced restricted entitlements for sensitive notifications in iOS 18.3 and iPadOS 18.3, as well as iPadOS 17.7.3. This issue enables an app to cause a denial-of-service, but proper implementation of the new entitlements should help safeguard against such impersonation attempts.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

iOS
iPadOS
Apple (iPhone OS)

Affected Vendors

Apple

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2ifPlg
https://www.cve.org/CVERecord?id=CVE-2025-24091
https://nvd.nist.gov/vuln/detail/CVE-2025-24091

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners