CVE-2025-31253 – This vulnerability in iOS/iPadOS FaceTime allow... (How to Fix)

Q: What is the severity of CVE-2025-31253?

CVE-2025-31253 has a CVSS score of 7.1 (HIGH). This vulnerability in iOS/iPadOS FaceTime allows audio to continue transmitting even when the microphone is muted during calls. This affects users of Apple devices running vulnerable iOS/iPadOS versions who use FaceTime with the mute feature.

📋 TL;DR

This vulnerability in iOS/iPadOS FaceTime allows audio to continue transmitting even when the microphone is muted during calls. This affects users of Apple devices running vulnerable iOS/iPadOS versions who use FaceTime with the mute feature.

💻 Affected Systems

Products:

iOS
iPadOS

Versions: Versions before iOS 18.5 and iPadOS 18.5

Operating Systems: iOS, iPadOS

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects FaceTime calls where mute functionality is used. Requires FaceTime app to be installed and used.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Sensitive conversations continue to be transmitted to call participants even when users believe they have muted themselves, potentially exposing confidential information.

🟠

Likely Case

Users unintentionally share private audio during FaceTime calls when they believe they have muted themselves, leading to privacy violations.

🟢

If Mitigated

No audio privacy impact when proper patching is applied and users verify mute functionality works correctly.

🌐 Internet-Facing: MEDIUM - Requires active FaceTime call with external participants, but exploitation is passive and doesn't require attacker action.

🏢 Internal Only: LOW - Primarily affects individual privacy during calls rather than internal network/system compromise.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: NO

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation is passive - simply being on a FaceTime call with a vulnerable user who mutes themselves could expose audio. No special attacker action required beyond normal call participation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 18.5, iPadOS 18.5

Vendor Advisory: https://support.apple.com/en-us/122404

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Tap General. 3. Tap Software Update. 4. Download and install iOS 18.5/iPadOS 18.5. 5. Restart device when prompted.

🔧 Temporary Workarounds

Avoid FaceTime mute

all

Do not rely on mute functionality during FaceTime calls on vulnerable devices

Use alternative communication

all

Use other video/audio calling apps that don't have this vulnerability

🧯 If You Can't Patch

Avoid using FaceTime for sensitive conversations
Physically disconnect or cover device microphone when privacy is required

🔍 How to Verify

Check if Vulnerable:

Check iOS/iPadOS version in Settings > General > About > Software Version. If version is earlier than 18.5, device is vulnerable.

Check Version:

Settings > General > About > Software Version

Verify Fix Applied:

After updating to iOS/iPadOS 18.5, test FaceTime mute functionality with another device to confirm audio is properly silenced.

📡 Detection & Monitoring

Log Indicators:

No specific log indicators for this vulnerability as it's a privacy issue rather than an active attack

Network Indicators:

No network-based detection as this is a client-side privacy issue

SIEM Query:

Not applicable - this is a client-side privacy vulnerability without active exploitation indicators

📊 Metadata

CVE ID: CVE-2025-31253

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE: CWE-672

EPSS Score: 0.09% exploit probability (26.2th percentile)

Published: May 12, 2025

Last Updated: November 3, 2025

🔗 References

https://support.apple.com/en-us/122404 Release Notes,Vendor Advisory
http://seclists.org/fulldisclosure/2025/May/5

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-31253, you might also want to check these: