{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-24221","assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","state":"PUBLISHED","assignerShortName":"apple","dateReserved":"2025-01-17T00:00:45.004Z","datePublished":"2025-03-31T22:22:50.981Z","dateUpdated":"2026-04-02T18:11:39.008Z"},"containers":{"cna":{"problemTypes":[{"descriptions":[{"lang":"en","description":"Sensitive keychain data may be accessible from an iOS backup"}]}],"affected":[{"vendor":"Apple","product":"iOS and iPadOS","versions":[{"version":"0","status":"affected","lessThan":"18.4","versionType":"custom"}]},{"vendor":"Apple","product":"iPadOS","versions":[{"version":"0","status":"affected","lessThan":"17.7.6","versionType":"custom"}]},{"vendor":"Apple","product":"visionOS","versions":[{"version":"0","status":"affected","lessThan":"2.4","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4. Sensitive keychain data may be accessible from an iOS backup."}],"references":[{"url":"https://support.apple.com/en-us/122371"},{"url":"https://support.apple.com/en-us/122372"},{"url":"https://support.apple.com/en-us/122378"}],"providerMetadata":{"orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple","dateUpdated":"2026-04-02T18:11:39.008Z"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-863","lang":"en","description":"CWE-863 Incorrect Authorization"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":7.5,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-02T13:28:09.161349Z","id":"CVE-2025-24221","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-02T13:30:07.844Z"}},{"title":"CVE Program Container","references":[{"url":"http://seclists.org/fulldisclosure/2025/Apr/5"},{"url":"http://seclists.org/fulldisclosure/2025/Apr/4"},{"url":"http://seclists.org/fulldisclosure/2025/Apr/12"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T21:09:09.392Z"}}]}}