Channel Accessible by Non-Endpoint

CVE-2025-31214

High

8.1/10

Summary

This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged network position may be able to intercept network traffic.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-300 - Channel Accessible by Non-Endpoint

The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.

References

Advisory Timeline

Published May 12, 2025

Channel Accessible by Non-Endpoint

CVE-2025-31214

Summary

CWE-300 - Channel Accessible by Non-Endpoint

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS