CVE-2019-25071 MEDIUM

CVE-2019-25071: Apple iOS Siri Self privileges management

Vendor Apple

Product iOS

Weakness CWE-269

Published June 25, 2022

Last update May 30, 2025

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 migt be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims, that after examining the report they do not see any actual security implications.

Key dates

02Disclosure timeline

June 25, 2022 CVE published

May 30, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25071 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

Identifiers

CVE CVE-2019-25071

CWE CWE-269

CVSS 6.3 / MEDIUM

Affected versions

Vendor Apple

Product iOS

Affected 12.4.0

Vendor Apple

Product iOS

Affected 12.4.1

CVE-2019-25071: Apple iOS Siri Self privileges management

01Description

02Disclosure timeline

03References

04Related CVE