{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43452", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.125Z", "datePublished": "2025-11-04T01:15:32.303Z", "dateUpdated": "2026-04-02T18:09:20.594Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Keyboard suggestions may display sensitive information on the lock screen"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen."}], "references": [{"url": "https://support.apple.com/en-us/125632"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:09:20.594Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-359", "lang": "en", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-04T16:14:56.496869Z", "id": "CVE-2025-43452", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-05T14:47:09.840Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43452", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-04T16:14:56.496869Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-04T16:15:58.296Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "0", "lessThan": "26.1", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125632"}], "descriptions": [{"lang": "en", "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Keyboard suggestions may display sensitive information on the lock screen"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:09:20.594Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43452", "state": "PUBLISHED", "dateUpdated": "2026-04-02T18:09:20.594Z", "dateReserved": "2025-04-16T15:24:37.125Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-11-04T01:15:32.303Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D51AEDC-9086-4010-B3BF-C652D65D09C8", "versionEndExcluding": "26.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "3981A7BE-BC98-4C6F-AE38-D68839368925", "versionEndExcluding": "26.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen."}], "id": "CVE-2025-43452", "lastModified": "2025-11-05T15:15:37.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-04T02:15:50.837", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/125632"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T10:33:16.080806+00:00", "value": {"mitigation_remediation": ["Upgrade the device to iOS\u202f26.1 or iPadOS\u202f26.1 to receive the vendor patch.", "Until the update can be applied, disable lock\u2011screen keyboard suggestions via Settings \u2192 General \u2192 Keyboard if the option is available, to stop sensitive suggestions from appearing.", "Set the device to use a conservative screen lock timeout to reduce the window where keyboard suggestions could be displayed.", "Enforce a strong alphanumeric passcode or biometric authentication to limit physical access."], "summary": {"action": "Apply Patch", "impact": "Sensitive Data Disclosure"}, "threat_synthesis": {"affected_systems": "Apple iOS and iPadOS devices running versions earlier than iOS\u202f26.1 or iPadOS\u202f26.1 are affected. The fix is included in the 26.1 releases.", "description_and_impact": "The vulnerability originates from the way iOS and iPadOS present keyboard suggestions when a device is locked. The system may display snippets of previously typed sensitive text, such as passwords or personal messages, on the lock screen. This provides an information disclosure vector that could allow anyone physically in possession of the device to view that data without unlocking it. The weakness corresponds to CWE\u2011359, Sensitive Information Exposure.", "risk_and_exploitability": "The CVSS score is 4.6, indicating a medium severity with impact limited to confidentiality. The EPSS score is less than 1\u202f%, suggesting a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Because the data may be displayed on the lock screen, local or physical access is the most likely attack vector. The consequence is limited to data leakage."}}}}, "created": "2025-11-04T16:34:40.835800+00:00", "title": "Sensitive Data Leakage through Keyboard Suggestions on Lock Screen", "updated": "2026-04-28T10:45:29.412448+00:00", "vendors": ["apple", "apple$PRODUCT$ios", "apple$PRODUCT$ipados"]}