CVE-2025-46288_CVE-2025-46288

5.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens.

Basic Information

ID CVE-2025-46288

Source apple

Published Dec 17, 2025 at 20:46

Modified Dec 18, 2025 at 19:29

Affected Product

Vendor Apple

Product iOS and iPadOS

Version unspecified

Affected Versions Apple iOS and iPadOS unspecified
Apple visionOS unspecified
Apple macOS unspecified
Apple watchOS unspecified

CWE Classification

CWE-284

References

{
    "lastseen": "",
    "description": "A permissions issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, watchOS 26.2, macOS Tahoe 26.2. An app may be able to access sensitive payment tokens.",
    "published": "2025-12-17T20:46:42.281Z",
    "modified": "2025-12-18T19:29:20.420Z",
    "type": "cve",
    "title": "CVE-2025-46288",
    "source": "apple",
    "references": "https://support.apple.com/en-us/125884\nhttps://support.apple.com/en-us/125891\nhttps://support.apple.com/en-us/125886\nhttps://support.apple.com/en-us/125890",
    "id": "CVE-2025-46288",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "Apple iOS and iPadOS unspecified\nApple visionOS unspecified\nApple macOS unspecified\nApple watchOS unspecified",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "iOS and iPadOS",
    "version": "unspecified",
    "vendor": "Apple",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}