Cisco iOS
CVEs (949)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-43541 | 0.00 | — | 0.32 | Dec 17, 2025 | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. | |||
| CVE-2025-43437 | 0.00 | — | 0.00 | Dec 12, 2025 | An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user. | |||
| CVE-2025-43309 | 0.00 | — | 0.00 | Nov 4, 2025 | A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen. | |||
| CVE-2025-43460 | 0.00 | — | 0.00 | Nov 4, 2025 | A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information. | |||
| CVE-2025-43422 | 0.00 | — | 0.00 | Nov 4, 2025 | The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection. | |||
| CVE-2025-43377 | 0.00 | — | 0.00 | Nov 4, 2025 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to cause a denial-of-service. | |||
| CVE-2025-43399 | 0.00 | — | 0.01 | Nov 4, 2025 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access protected user data. | |||
| CVE-2025-43454 | 0.00 | — | 0.00 | Nov 4, 2025 | This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock. | |||
| CVE-2025-43442 | 0.00 | — | 0.00 | Nov 4, 2025 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to identify what other apps a user has installed. | |||
| CVE-2025-43452 | 0.00 | — | 0.00 | Nov 4, 2025 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen. | |||
| CVE-2025-30468 | 0.00 | — | 0.00 | Sep 15, 2025 | This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication. | |||
| CVE-2025-31254 | 0.00 | — | 0.00 | Sep 15, 2025 | This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection. | |||
| CVE-2025-31229 | 0.00 | — | 0.01 | Jul 29, 2025 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver. | |||
| CVE-2025-31185 | 0.00 | — | 0.00 | May 19, 2025 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication. | |||
| CVE-2025-31227 | 0.00 | — | 0.00 | May 12, 2025 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording. | |||
| CVE-2025-31207 | 0.00 | — | 0.00 | May 12, 2025 | A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps. | |||
| CVE-2025-31253 | 0.00 | — | 0.00 | May 12, 2025 | This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced. | |||
| CVE-2025-31214 | 0.00 | — | 0.00 | May 12, 2025 | This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic. | |||
| CVE-2025-20196 | 0.00 | — | 0.00 | May 7, 2025 | A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS)… | |||
| CVE-2025-20181 | 0.00 | — | 0.00 | May 7, 2025 | A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot… |
- CVE-2025-43541Dec 17, 2025risk 0.00cvss —epss 0.32
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
- CVE-2025-43437Dec 12, 2025risk 0.00cvss —epss 0.00
An information disclosure issue was addressed with improved privacy controls. This issue is fixed in iOS 26.1 and iPadOS 26.1. An app may be able to fingerprint the user.
- CVE-2025-43309Nov 4, 2025risk 0.00cvss —epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 26 and iPadOS 26. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen.
- CVE-2025-43460Nov 4, 2025risk 0.00cvss —epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a locked device may be able to view sensitive user information.
- CVE-2025-43422Nov 4, 2025risk 0.00cvss —epss 0.00
The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be able to disable Stolen Device Protection.
- CVE-2025-43377Nov 4, 2025risk 0.00cvss —epss 0.00
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to cause a denial-of-service.
- CVE-2025-43399Nov 4, 2025risk 0.00cvss —epss 0.01
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, macOS Tahoe 26.1. An app may be able to access protected user data.
- CVE-2025-43454Nov 4, 2025risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock.
- CVE-2025-43442Nov 4, 2025risk 0.00cvss —epss 0.00
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to identify what other apps a user has installed.
- CVE-2025-43452Nov 4, 2025risk 0.00cvss —epss 0.00
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen.
- CVE-2025-30468Sep 15, 2025risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 26 and iPadOS 26. Private Browsing tabs may be accessed without authentication.
- CVE-2025-31254Sep 15, 2025risk 0.00cvss —epss 0.00
This issue was addressed with improved URL validation. This issue is fixed in Safari 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to unexpected URL redirection.
- CVE-2025-31229Jul 29, 2025risk 0.00cvss —epss 0.01
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.6 and iPadOS 18.6. Passcode may be read aloud by VoiceOver.
- CVE-2025-31185May 19, 2025risk 0.00cvss —epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3. Photos in the Hidden Photos Album may be viewed without authentication.
- CVE-2025-31227May 12, 2025risk 0.00cvss —epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker with physical access to a device may be able to access a deleted call recording.
- CVE-2025-31207May 12, 2025risk 0.00cvss —epss 0.00
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.5 and iPadOS 18.5. An app may be able to enumerate a user's installed apps.
- CVE-2025-31253May 12, 2025risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced.
- CVE-2025-31214May 12, 2025risk 0.00cvss —epss 0.00
This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.
- CVE-2025-20196May 7, 2025risk 0.00cvss —epss 0.00
A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop responding, resulting in a denial of service (DoS)…
- CVE-2025-20181May 7, 2025risk 0.00cvss —epss 0.00
A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an unauthenticated attacker with physical access to the device to execute persistent code at boot…
Page 27 of 48