CVE-2025-24091

MEDIUM

iOS < 18.3, iPadOS < 17.7.3 and < 18.3 - Denial of Service via System Notification Spoofing

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-24091, a PoC published by rooootdev.

AI-analyzed exploit summary: The repository gives minimal detail about an iOS app that exploits CVE-2025-24091 and contains no exploit source or technical specifics. It directs users to download a pre-built .ipa file, which cannot be audited before installation and should be treated as untrusted.

Description

An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3, iPadOS 18.3 and iPadOS 17.7.3. An app may be able to cause a denial-of-service.
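The fix ships on two release branches (17.7.3 for iPads that stay on iPadOS 17, 18.3 for iOS and iPadOS 18), so a naive "version < 18.3" check wrongly flags a patched 17.7.3 iPad and a lexical string compare mis-orders dotted versions. The following triage helper is an added example, not code from the advisory or from the evilnotify repository; it assumes platform strings "iOS"/"iPadOS", dotted version strings, and a constructed CSV inventory whose device names and versions are made up. No 17.x fix is listed for iOS on this page, so every iOS 17.x build is treated as affected.

```python
# Added example (not part of the advisory or the evilnotify repo): triage an
# MDM inventory export against the fixed builds listed on this page.
# Assumptions: platform values "iOS"/"iPadOS", dotted version strings, and the
# constructed CSV sample below (device names and versions are made up).
import csv
import io

# Fixed builds per platform and release branch, taken from the Products list:
# iPadOS is fixed in 17.7.3 (17.x branch) and 18.3 (18.x branch); iOS only in
# 18.3. No iOS 17.x fix is listed, so iOS 17.x is treated as affected.
FIXED = {
    "iPadOS": {17: (17, 7, 3), 18: (18, 3, 0)},
    "iOS": {18: (18, 3, 0)},
}


def parse_version(text):
    """Turn '18.2.1' or '18.3' into a 3-tuple so comparison is numeric, not lexical."""
    nums = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(nums) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    nums += [0] * (3 - len(nums))
    return tuple(nums)


def is_vulnerable(platform, version):
    """True if the build is below the fixed build for its platform and branch."""
    v = parse_version(version)
    branches = FIXED[platform]
    if v[0] > max(branches):
        return False  # assumption: majors newer than the fixed ones carry the fix
    fixed = branches.get(v[0])
    if fixed is None:
        return True  # branch with no fixed build listed (iOS 17.x, anything older)
    return v < fixed


# Constructed sample inventory; not real devices.
SAMPLE_INVENTORY = """device,platform,version
ipad-lab-01,iPadOS,17.7.3
ipad-lab-02,iPadOS,17.7.2
ipad-lab-03,iPadOS,18.0
iphone-ops-01,iOS,17.7.2
iphone-ops-02,iOS,18.2.1
iphone-ops-03,iOS,18.3
"""


def triage(inventory_csv):
    """Return the names of devices that still run an affected build."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return [
        row["device"]
        for row in reader
        if is_vulnerable(row["platform"], row["version"])
    ]


if __name__ == "__main__":
    for name in triage(SAMPLE_INVENTORY):
        print(name)
```

Running it lists ipad-lab-02, ipad-lab-03, iphone-ops-01 and iphone-ops-02; the 17.7.3 iPad is correctly left out while the 18.0 iPad, which is newer by version string, is flagged.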

Exploits (1)

Source: nomisec · Stub · 1 star
by rooootdev · poc
https://github.com/rooootdev/evilnotify

Classification
Stub 30%
Attack Type
Other
Complexity
Theoretical
Reliability
Theoretical
Target: iOS (version unspecified)
No auth needed
Prerequisites: iOS device · sideloading capability
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3.1 5.5 (Medium)
EPSS 0.0025
EPSS Percentile 16.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-290
Status published
Products (4)
Apple/iOS and iPadOS < 18.3
apple/ipados < 17.7.3
Apple/iPadOS < 17.7.3
apple/iphone_os < 18.3
Published Apr 30, 2025
Tracked Since Feb 18, 2026