CVE-2025-31207

HIGH

Apple Ipados < 18.5 - Information Disclosure

Title source: rule

Description

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.

Exploits (1)

nomisec WORKING POC 4 stars

by iCrazeiOS · poc

https://github.com/iCrazeiOS/AppEnumFix

View Code ZIP pw:eip

References (2)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/122404

[Mailing List] http://seclists.org/fulldisclosure/2025/May/5

Scores

CVSS v3 7.7

EPSS 0.0012

EPSS Percentile 30.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE

CWE-200

Status published

Products (3)

Apple/iOS and iPadOS < 18.5

apple/ipados < 18.5

apple/iphone_os < 18.5

Published May 12, 2025

Tracked Since Feb 18, 2026