CVE-2025-46308

MEDIUM

Apple Ios And iPadOS - Improper Access Control

Title source: rule

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.

References (2)

Core 2

Core References

https://support.apple.com/en-us/122371

https://support.apple.com/en-us/122373

Scores

CVSS v3 5.3

EPSS 0.0030

EPSS Percentile 21.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (5)

Apple/iOS and iPadOS < 18.4

apple/ipados < 18.4

apple/iphone_os < 18.4

Apple/macOS < 15.4

apple/macos < 15.4

Published Jun 11, 2026

Tracked Since Jun 12, 2026