{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-30436", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-22T00:04:43.717Z", "datePublished": "2025-05-12T21:42:46.888Z", "dateUpdated": "2026-04-02T18:19:02.644Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker may be able to use Siri to enable Auto-Answer Calls"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls."}], "references": [{"url": "https://support.apple.com/en-us/122371"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:19:02.644Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-14T15:53:54.900347Z", "id": "CVE-2025-30436", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T16:18:29.443Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-30436", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-14T15:53:54.900347Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T16:18:24.861Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.4", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122371"}], "descriptions": [{"lang": "en", "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker may be able to use Siri to enable Auto-Answer Calls"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-05-12T21:42:46.888Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30436", "state": "PUBLISHED", "dateUpdated": "2025-05-14T16:18:29.443Z", "dateReserved": "2025-03-22T00:04:43.717Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-05-12T21:42:46.888Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B3450F7-7B4A-46CE-A6E0-BBE6569F2EBF", "versionEndExcluding": "18.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990", "versionEndExcluding": "18.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls."}, {"lang": "es", "value": "Este problema se solucion\u00f3 restringiendo las opciones disponibles en un dispositivo bloqueado. Este problema se solucion\u00f3 en iOS 18.4 y iPadOS 18.4. Un atacante podr\u00eda usar Siri para habilitar la respuesta autom\u00e1tica de llamadas."}], "id": "CVE-2025-30436", "lastModified": "2025-05-27T13:58:06.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-12T22:15:20.927", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122371"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T11:22:15.855140+00:00", "value": {"mitigation_remediation": ["Upgrade the device to iOS\u00a018.4 or iPadOS\u00a018.4, which removes the ability to enable Auto\u2011Answer Calls via Siri on a locked device", "If an upgrade cannot be performed immediately, temporarily disable Siri on the locked device to prevent the execution of Auto\u2011Answer Commands", "While awaiting the update, also disable or limit Auto\u2011Answer Calls in the device settings to stop automatic activation until the patch is applied"], "summary": {"action": "Immediate Patch", "impact": "Unauthorized auto\u2011answer calls via Siri on locked devices"}, "threat_synthesis": {"affected_systems": "Apple iOS and iPadOS devices, including all iPhone and iPad models using the operating systems before the 18.4 release. The problem is fixed in iOS\u00a018.4 and iPadOS\u00a018.4; devices running earlier versions remain vulnerable.", "description_and_impact": "A configuration issue allows an attacker to use Siri while a device is locked to enable Auto\u2011Answer Calls, which can lead to unintended voice\u2011call activation and potential privacy or service abuse. The flaw resides in how options are presented on a locked device, thereby exposing a privileged function without appropriate access controls. The vulnerability falls under CWE\u2011284, indicating a weakness in access control that permits unauthorized functional use.", "risk_and_exploitability": "The CVSS score of 9.1 classifies this as a critical flaw, yet the EPSS score is less than 1\u202f%, suggesting a low current exploitation probability. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers would need to invoke Siri while the device is locked, which typically requires local access or a compromised voice\u2011assistant session. No remote exploitation path is described in the available data, so the threat is primarily limited to scenarios where an attacker can trigger Siri on a locked device."}}}}, "created": "2026-04-28T11:30:29.833406+00:00", "title": "Siri Auto\u2011Answer Calls on Locked iOS/iPadOS Devices", "updated": "2026-04-28T11:30:29.833422+00:00", "vendors": []}