CVE-2025-30436

CRITICAL

iPadOS < 18.4 - Improper Access Control via Siri Auto-Answer Calls

Title source: llm
STIX 2.1

Description

This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.4 and iPadOS 18.4. An attacker may be able to use Siri to enable Auto-Answer Calls.

References (1)

Core 1
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122371

Scores

CVSS v3 9.1
EPSS 0.0043
EPSS Percentile 63.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (3)
Apple/iOS and iPadOS < 18.4
apple/ipados < 18.4
apple/iphone_os < 18.4
Published May 12, 2025
Tracked Since Feb 18, 2026