Authentication Bypass by Primary Weakness

CVE-2025-31192

Medium

6.7/10

Summary

The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-305 - Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

References

Advisory Timeline

Published Mar 31, 2025

Authentication Bypass by Primary Weakness

CVE-2025-31192

Summary

CWE-305 - Authentication Bypass by Primary Weakness

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS