CVE-2025-43422

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.1 iPadOS versions prior to 26.1

Description A flaw exists in the Stolen Device Protection function of iOS and iPadOS due to insufficient protection of service data. Successful exploitation could allow an attacker to disable the Stolen Device Protection feature. This issue was addressed by adding additional logic. An attacker requires physical access to the device to exploit this issue.

Recommendations Update to iOS version 26.1 or later. Update to iPadOS version 26.1 or later.

Fix

Information Disclosure

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-288

Related Identifiers

BDU:2025-13965

CVE-2025-43422

Affected Products

Ios

Ipados

CVE-2025-43422

Weakness Enumeration

Related Identifiers

Affected Products

References · 6