Severity by source
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.2 and iPadOS 26.2. A user with physical access to an iOS device may be able to bypass Activation Lock.
AnalysisAI
A path handling vulnerability in iOS and iPadOS allows users with physical access to an iOS device to bypass Activation Lock through improved validation gaps in path handling logic. This authentication bypass affects iOS versions prior to 18.7.7 and 26.2, as well as corresponding iPadOS releases. While no CVSS score or EPSS data is publicly available, the physical access requirement and authentication bypass nature indicate a meaningful risk to device security and stolen device protection.
Technical ContextAI
The vulnerability stems from inadequate path validation in iOS and iPadOS's Activation Lock mechanism, which is the authentication framework preventing unauthorized access to Apple devices after factory reset. The affected technology involves the device's path handling routines (likely within the boot or authentication subsystem) that fail to properly validate or sanitize file paths during the lock verification process. Per CPE designation (cpe:2.3:a:apple:ios_and_ipados), this affects the core iOS and iPadOS operating system rather than a discrete application component. While no explicit CWE is assigned, this aligns with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) or CWE-434 (Unrestricted Upload of File with Dangerous Type), indicating insufficient path canonicalization or validation logic.
RemediationAI
Immediately update iOS or iPadOS to version 18.7.7 or 26.2 or later via Settings > General > Software Update. For organizations managing iOS devices, deploy mandatory mobile device management (MDM) policies enforcing automatic security updates and restrict physical device access to authorized personnel only. Until patching is complete, enable additional security measures such as longer alphanumeric Activation Lock credentials, two-factor authentication on associated Apple ID accounts, and physical device monitoring to prevent unauthorized possession. Users should also enable Find My iPhone and ensure their Apple ID password is unique and secure to prevent credential-based Activation Lock bypass attempts that may accompany this vulnerability. Refer to Apple's official security advisories at https://support.apple.com/en-us/125884 and https://support.apple.com/en-us/126793 for detailed update instructions.
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability
Apple's kernel across all platforms (iOS, macOS, watchOS, visionOS, tvOS) contains a memory corruption vulnerability (CV
A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability
The DLSw implementation in Cisco IOS does not initialize packet buffers, which allows remote attackers to obtain sensiti
The issue was addressed with improved checks. Rated high severity (CVSS 7.0). Actively exploited in the wild (cisa kev)
AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mo
A vulnerability in the Cisco IOx application hosting environment of multiple Cisco platforms could allow an authenticate
Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.
Memory corruption vulnerabilities in Apple's graphics texture processing engine across iOS, iPadOS, macOS, tvOS, visionO
Buffer overflow memory corruption in Apple file parsing components allows remote code execution across iOS 18.6, iPadOS
A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerabi
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208977