This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/124147 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/124148 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
31 Jul 2025, 21:00
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Apple
Apple ipados Apple iphone Os |
|
| References | () https://support.apple.com/en-us/124147 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/124148 - Release Notes, Vendor Advisory | |
| CPE | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
31 Jul 2025, 18:42
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (es) Este problema se solucionó mejorando la gestión del estado. Este problema se solucionó en iOS 18.6, iPadOS 18.6 y iPadOS 17.7.9. El contenido remoto se puede cargar incluso con la opción 'Load Remote Images' desactivada. |
30 Jul 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
| Summary |
|
|
| CWE | CWE-359 |
30 Jul 2025, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-07-30 00:15
Updated : 2025-07-31 21:00
NVD link : CVE-2025-31276
Mitre link : CVE-2025-31276
CVE.ORG link : CVE-2025-31276
JSON object : View
Products Affected
apple
- iphone_os
- ipados
CWE
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor