CVE-2025-46286 — Vulnetix

CVE-2025-46286 PUBLISHED CVSS 4.300000190734863 MEDIUM

A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enrollment.

EPSS 0.05% · 17.3th percentile

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS Score

0.05%

17.3th percentile

Affected Products

Vendor	Product	Versions
Apple	iOS and iPadOS	*
apple	ipados	0
apple	iphone_os	0

Exploit Intelligence

https://support.apple.com/en-us/125884 (circl)
ios_v2_generated.go (github-poc)
ios_v2_generated.go (github-poc)
ios_v2_generated.go (github-poc)
ios_v2_generated.go (github-poc)
ios_v1_generated.go (github-poc)
ios_v1_generated.go (github-poc)
ios_v1_generated.go (github-poc)
ios_v1_generated.go (github-poc)

Timeline

Apr 22, 2025 CVE ID Reserved
Jan 9, 2026 CVE Published
Jan 10, 2026 EPSS Score
Jan 13, 2026 EPSS Score
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 22, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 29, 2026 EPSS Score
Feb 1, 2026 EPSS Score
Feb 4, 2026 EPSS Score
Feb 7, 2026 EPSS Score

References

Open in Interactive Console →