CVE-2025-24091

MEDIUM

Apple iPadOS < 17.7.3 - Authentication Bypass by Spoofing

Title source: rule

Description

An app could impersonate system notifications. Sensitive notifications now require restricted entitlements. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.3. An app may be able to cause a denial-of-service.

Exploits (1)

nomisec STUB 1 stars
by rooootdev · poc
https://github.com/rooootdev/evilnotify

Scores

CVSS v3 5.5
EPSS 0.0026
EPSS Percentile 49.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-290
Status published
Products (4)
Apple/iOS and iPadOS < 18.3
apple/ipados < 17.7.3
Apple/iPadOS < 17.7.3
apple/iphone_os < 18.3
Published Apr 30, 2025
Tracked Since Feb 18, 2026