CVE Vulnerabilities

CVE-2025-31214

Channel Accessible by Non-Endpoint

Published: May 12, 2025 | Modified: May 28, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.

Weakness

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

Affected Software

Name Vendor Start Version End Version
Ipados Apple * 18.5 (excluding)
Iphone_os Apple * 18.5 (excluding)

Potential Mitigations

References