Technical Overview
THIS IS A NEW VULNERABILITY; IT HAS NOT YET RECEIVED AN CVE SCORE. URGENT UPDATES REQUIRED
CVE-2025–24200 is an authorisation vulnerability affecting iOS and iPadOS devices. Specifically, it allows a physical attacker to disable USB Restricted Mode on a locked device. USB Restricted Mode is a security feature designed to prevent unauthorised access to the device’s data through USB connections. The flaw stems from incorrect state management in the operating system, which could be exploited in a sophisticated attack targeting specific individuals.
The vulnerability has been addressed in the latest updates: iPadOS 17.7.5, iOS 18.3.1, and iPadOS 18.3.1. Users running older versions are at risk and should update their devices immediately to mitigate potential exploitation. Also note that this is “an extremely sophisticated attack against specific targeted individuals.” However, Apple still recommends updating devices to the latest iOS release to remediate this vulnerability.
EPSS and Threat Analysis
The Exploit Prediction Scoring System (EPSS) score for CVE-2025–24200 highlights its critical importance. With a base score of 7.5, classified as high severity, this score reflects both the relative ease with which the vulnerability can be exploited and the significant impact such an exploit could have. The recent increase in the EPSS score indicates a growing threat, especially since the vulnerability has been added to CISA’s catalogue of known exploited vulnerabilities. However, current exploitation appears to be limited to specific targets due to the complexity of the attack. Despite this, the potential impact is considerable, as the vulnerability compromises device integrity by enabling unauthorized access.
Remediation Steps
To protect against this vulnerability, users should take the following steps:
1. Update Devices: Ensure your iOS and iPadOS devices are updated to versions iPadOS 17.7.5, iOS 18.3.1, or iPadOS 18.3.1. These updates contain the necessary patches to address the authorisation issue.
2. Follow Vendor Guidance: Adhere to the mitigation instructions provided by Apple. Detailed guidance can be found on the Apple Support page here.
3. Monitor for Updates: Stay informed about any new updates or advisories from Apple and other authoritative sources.
By taking these steps, users can significantly reduce the risk posed by CVE-2025–24200 and maintain the security of their devices. For more information, refer to the detailed CVE entry on the NIST website.