{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31229", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-27T16:13:58.322Z", "datePublished": "2025-07-29T23:29:12.642Z", "dateUpdated": "2026-04-02T18:13:54.245Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Passcode may be read aloud by VoiceOver"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver."}], "references": [{"url": "https://support.apple.com/en-us/124147"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:13:54.245Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-261", "lang": "en", "description": "CWE-261 Weak Encoding for Password"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-30T13:29:51.283655Z", "id": "CVE-2025-31229", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-31T17:57:56.036Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jul/30"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:50:41.224Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jul/30"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:50:41.224Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-31229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-30T13:29:51.283655Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-261", "description": "CWE-261 Weak Encoding for Password"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T13:29:53.235Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.6", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/124147"}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Passcode may be read aloud by VoiceOver"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-07-29T23:35:25.049Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31229", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:50:41.224Z", "dateReserved": "2025-03-27T16:13:58.322Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-07-29T23:29:12.642Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ED4015E-C707-4A91-86B3-23100E0DFA8F", "versionEndExcluding": "18.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "BD9D42A7-DE2A-4D5A-8C7B-002A60148483", "versionEndExcluding": "18.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver."}, {"lang": "es", "value": "Se solucion\u00f3 un problema l\u00f3gico mejorando las comprobaciones. Este problema se solucion\u00f3 en iOS 18.6 y iPadOS 18.6. VoiceOver permite leer el c\u00f3digo de acceso en voz alta."}], "id": "CVE-2025-31229", "lastModified": "2025-11-03T20:18:20.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-30T00:15:30.280", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124147"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jul/30"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-261"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T00:56:33.957170+00:00", "value": {"mitigation_remediation": ["Apply the iOS\u202f18.6 or iPadOS\u202f18.6 update", "If an update is not immediately available, disable VoiceOver while entering the passcode", "Limit physical access to the device to prevent local attackers from leveraging VoiceOver"], "summary": {"action": "Patch", "impact": "Passcode exposure through VoiceOver"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Apple iOS and iPadOS devices running versions prior to iOS\u202f18.6 and iPadOS\u202f18.6. All affected models are susceptible until the official update is applied.", "description_and_impact": "A logic flaw in Apple iOS and iPadOS allows the VoiceOver accessibility feature to read aloud the device passcode during entry, potentially exposing the credential to anyone able to hear the device. This flaw lets an attacker obtain the passcode without bypassing the authentication process. The weakness aligns with improper handling of authentication credentials (CWE\u2011261) and directly threatens user confidentiality.", "risk_and_exploitability": "The flaw carries a CVSS score of 9.1, indicating critical severity, while the EPSS score of less than 1% suggests low likelihood of widespread exploitation at present. It is not listed in the CISA KEV catalog. Likely attack vectors involve a local attacker who can force the device into a state where VoiceOver is active while the passcode is entered, then capture the spoken passcode. No remote exploitation is documented in the description."}}}}, "created": "2026-04-28T01:00:10.118284+00:00", "title": "Passcode Exposure via VoiceOver in iOS and iPadOS", "updated": "2026-04-28T01:00:10.118302+00:00", "vendors": []}