What is the CVSS score of CVE-2025-24090?

CVE-2025-24090 has a CVSS 3.1 base score of 3.3 (Low). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of iOS are affected by CVE-2025-24090?

CVE-2025-24090 is a low-severity vulnerability in A permissions involving information exposure (CVSS 3.3).

How to fix or mitigate CVE-2025-24090?

During next maintenance window: Apply vendor patches when convenient. Verify information disclosure controls are in place.

iOS CVE-2025-24090

LOW

Information Exposure (CWE-200)

2026-01-16 product-security@apple.com

Apple iOS

3.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

CVE Published

Jan 16, 2026 - 18:16 nvd

LOW 3.3

DescriptionNVD

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.

AnalysisAI

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. [CVSS 3.3 LOW]

Technical ContextAI

Classified as CWE-200 (Information Exposure). Affects Ipados. A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3. An app may be able to enumerate a user's installed apps.