{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-24091", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-01-17T00:00:44.966Z", "datePublished": "2025-04-30T17:21:08.931Z", "dateUpdated": "2026-04-02T18:17:46.578Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to cause a denial-of-service"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "17.7.3", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service."}], "references": [{"url": "https://support.apple.com/en-us/121838"}, {"url": "https://support.apple.com/en-us/122066"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:17:46.578Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-290", "lang": "en", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-30T20:00:52.048357Z", "id": "CVE-2025-24091", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T20:22:27.632Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-24091", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-30T20:00:52.048357Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T20:02:03.668Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "0", "lessThan": "18.3", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iPadOS", "versions": [{"status": "affected", "version": "0", "lessThan": "17.7.3", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/121838"}, {"url": "https://support.apple.com/en-us/122066"}], "descriptions": [{"lang": "en", "value": "An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to cause a denial-of-service"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:17:46.578Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24091", "state": "PUBLISHED", "dateUpdated": "2026-04-02T18:17:46.578Z", "dateReserved": "2025-01-17T00:00:44.966Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-04-30T17:21:08.931Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "03B2CC01-9482-433A-A0D3-076683F4B012", "versionEndExcluding": "17.7.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD29C5E9-9427-4C41-873F-C29493B892E4", "versionEndExcluding": "18.3", "versionStartIncluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "D81E83E3-DD8A-4392-96ED-2F88635D8430", "versionEndIncluding": "18.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service."}, {"lang": "es", "value": "Una aplicaci\u00f3n podr\u00eda suplantar las notificaciones del sistema. Las notificaciones sensibles ahora requieren permisos restringidos. Este problema se solucion\u00f3 en iOS 18.3, iPadOS 18.3 y iPadOS 17.7.3. Una aplicaci\u00f3n podr\u00eda causar una denegaci\u00f3n de servicio."}], "id": "CVE-2025-24091", "lastModified": "2025-05-12T19:43:23.130", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-04-30T18:15:39.203", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/121838"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/122066"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T02:06:14.145339+00:00", "value": {"mitigation_remediation": ["Install the latest supported operating system: iOS\u202f18.3 or newer, or iPadOS\u202f18.3 or\u202f17.7.3.", "Remove or prevent installation of applications that request notification\u2011related entitlements without the latest OS update.", "Continuously monitor for unexpected system\u2011level notification activity and apply subsequent security updates as released."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects devices running Apple iOS and iPadOS. Systems prior to iOS\u202f18.3 and iPadOS\u202f18.3 (or iPadOS\u202f17.7.3 for iPadOS\u2011only devices) are susceptible, whereas updated releases contain the fix.", "description_and_impact": "An application can masquerade as system alerts, potentially misleading users by displaying forged notifications. The flaw stems from an improper entitlement check, which is a form of weak authentication (CWE\u2011290). When exploited, an attacker might cause a denial\u2011of\u2011service by disrupting or hijacking notification delivery mechanisms.", "risk_and_exploitability": "The CVSS v3.1 score of 5.5 indicates moderate impact, and the EPSS score of less than 1% suggests low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Given that the flaw requires an application with restricted entitlements and operates within the device\u2019s local environment, the most likely attack vector is a local, user\u2011initiated installation of a malicious app."}}}}, "created": "2026-04-28T02:15:18.701433+00:00", "title": "App Can Impersonate System Notifications and Cause Denial of Service", "updated": "2026-04-28T02:15:18.701445+00:00", "vendors": []}