CVE-2025-24104

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Jan 27, 2025

Updated: Feb 5, 2025

CWE ID 59

Summary

CVE-2025-24104 is a vulnerability affecting iPadOS and iOS that was recently addressed. The issue stems from improper handling of symlinks within the operating system. If a user restores their device from a maliciously crafted backup file, it could result in unintended modifications to protected system files, potentially compromising the system's security. This vulnerability has been resolved in iPadOS 17.7.4, iOS 18.3, and iPadOS 18.3.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

iOS
iPadOS
Apple (iPhone OS)

Affected Vendors

Apple

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2ifL3A
https://www.cve.org/CVERecord?id=CVE-2025-24104
https://nvd.nist.gov/vuln/detail/CVE-2025-24104

Back to Vulnerability Database