CVE-2025-43495

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.2 iPadOS versions prior to 18.7.2

Description An application may be capable of monitoring keystrokes without the user’s consent due to insufficient access control within the WebKit web page rendering module of iOS and iPadOS. The issue is related to flaws in access restriction. A remote attacker may be able to gain unauthorized access to protected information by exploiting this flaw.

Recommendations Update to iOS version 18.7.2 or later. Update to iPadOS version 18.7.2 or later.

Fix

Improper Access Control

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-200

Related Identifiers

BDU:2025-13932

CVE-2025-43495

Affected Products

Ios

Ipados

CVE-2025-43495

Weakness Enumeration

Related Identifiers

Affected Products

References · 6