{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-24225", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-01-17T00:00:45.004Z", "datePublished": "2025-05-12T21:42:48.499Z", "dateUpdated": "2026-04-02T18:20:31.472Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing an email may lead to user interface spoofing"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "17.7.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An injection issue was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing an email may lead to user interface spoofing."}], "references": [{"url": "https://support.apple.com/en-us/122404"}, {"url": "https://support.apple.com/en-us/122405"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:20:31.472Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-14T14:20:45.426102Z", "id": "CVE-2025-24225", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T14:21:25.384Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:44:23.461Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:44:23.461Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-24225", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-14T14:20:45.426102Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T14:21:20.553Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.5", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122405"}, {"url": "https://support.apple.com/en-us/122404"}], "descriptions": [{"lang": "en", "value": "An injection issue was addressed with improved input validation. This issue is fixed in iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5. Processing an email may lead to user interface spoofing."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing an email may lead to user interface spoofing"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-05-12T21:42:48.499Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24225", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:44:23.461Z", "dateReserved": "2025-01-17T00:00:45.004Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-05-12T21:42:48.499Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "683ECAF8-DB29-40DB-963A-B95EA2A2AC01", "versionEndExcluding": "17.7.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "069735D6-38B4-402A-9E79-1961701C9AD3", "versionEndExcluding": "18.5", "versionStartIncluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF6AAC00-F384-4B0D-BBA9-C2AD278BF653", "versionEndExcluding": "18.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An injection issue was addressed with improved input validation. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7. Processing an email may lead to user interface spoofing."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de inyecci\u00f3n mejorando la validaci\u00f3n de entrada. Este problema se solucion\u00f3 en iPadOS 17.7.7, iOS 18.5 y iPadOS 18.5. Procesar un correo electr\u00f3nico puede provocar la suplantaci\u00f3n de la interfaz de usuario."}], "id": "CVE-2025-24225", "lastModified": "2026-04-02T19:19:22.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-12T22:15:20.260", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122404"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/6"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T11:21:53.257756+00:00", "value": {"mitigation_remediation": ["Upgrade every device to iOS 18.5 or later, or to iPadOS 18.5 or iPadOS 17.7.7 where available.", "Use a reliable email filtering solution to detect and block suspicious HTML content, and avoid opening links from unknown senders.", "Adjust mail settings to reduce or disable HTML content rendering, such as blocking external images or disabling rich HTML mail."], "summary": {"action": "Update OS", "impact": "User Interface Spoofing"}, "threat_synthesis": {"affected_systems": "All devices running versions of Apple iOS prior to 18.5 and iPadOS prior to 18.5 (iPadOS 17.7.7 also receiving the fix). These include iPhone and iPad models that support the affected operating system releases.", "description_and_impact": "An input validation weakness in the mail processing subsystem was corrected in the latest releases. The flaw allows crafted email content to inject UI elements that cause the operating system to display a spoofed interface, potentially deceiving users about the origin of notifications or messages. This injection is a classic instance of web-based UI manipulation, identified as CWE-79.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate impact. The EPSS score of less than 1% shows that exploitation is expected to be very uncommon, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need to craft an email that a user opens, making the vector indirect and dependent on social or phishing tactics. If successful, the attacker can manipulate the device\u2019s user interface to mislead the user without achieving code execution."}}}}, "created": "2026-04-28T11:30:29.833003+00:00", "title": "Injection in Email Handling Allows User Interface Spoofing on iOS/iPadOS", "updated": "2026-04-28T11:30:29.833018+00:00", "vendors": []}