CVE-2025-24090

ℹ️ low

Summary

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.

CVSS Score

3.3

Low

EPSS Score

0.0

Exploit Probability

Published Date

2026-01-16

First Seen: 2026-01-17

Last Modified 2026-01-27

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE IDs (Weakness Types)

CWE-200 CWE-284

🔗 References 1

https://support.apple.com/en-us/122066

Vendor Advisory

📦 Affected Products 2

Vendor	Product	Status	Affected Versions
apple	iphone_os	Affected	< 18.3
apple	ipados	Affected	< 18.3

🔗 Related CVEs 6

CVE ID	Severity	CVSS	Summary	Published
CVE-2025-46306	🔶 medium	5.5	The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPa...	2026-01-28
CVE-2025-46316	🔶 medium	4.3	An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 26.1 and iPadOS 26.1, Pag...	2026-01-28
CVE-2024-44238	⚠️ high	7.8	The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able...	2026-01-16
CVE-2024-54556	ℹ️ low	2.4	This issue was addressed through improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. A user may ...	2026-01-16
CVE-2025-24089	🔶 medium	5.3	A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app ...	2026-01-16
CVE-2025-46286	🔶 medium	4.3	A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a ...	2026-01-09

These CVEs affect the same products