CVE-2025-31271 is a vulnerability affecting Apple macOS devices that allows incoming FaceTime calls to appear or be accepted on a locked device, even when lock screen notifications are disabled. This behavior results from improper state management within the FaceTime application or the underlying operating system, permitting an attacker to bypass lock screen restrictions. The vulnerability is classified under CWE-287, which relates to improper authentication or authorization mechanisms. Exploitation requires no user interaction or prior authentication, and the attack vector is network-based, meaning an attacker can initiate a FaceTime call remotely to trigger the issue. The flaw compromises the integrity of the device by allowing unauthorized acceptance of calls, potentially enabling eavesdropping or unauthorized communication. The vulnerability does not impact confidentiality directly but can lead to privacy violations. Availability is not affected. Apple resolved this issue in macOS Tahoe 26 by improving the state management logic to ensure that incoming calls cannot bypass lock screen notification settings. The CVSS v3.1 base score is 7.5 (high), reflecting the ease of exploitation and the impact on integrity without requiring user interaction or privileges. No known exploits have been reported in the wild as of the publication date, but the vulnerability represents a significant risk to macOS users, especially in environments where device security and privacy are critical.

The primary impact of CVE-2025-31271 is the unauthorized acceptance of FaceTime calls on locked macOS devices, which can lead to unauthorized access to audio and video communication channels. This undermines user privacy and device integrity, as attackers can potentially listen or communicate without the user's knowledge or consent. For organizations, this vulnerability could facilitate espionage, unauthorized surveillance, or social engineering attacks by exploiting trusted communication channels. The lack of required authentication or user interaction lowers the barrier for exploitation, increasing the risk of widespread abuse. Although availability is not affected, the breach of communication integrity and privacy can have severe consequences, especially for sectors handling sensitive or confidential information such as government, finance, healthcare, and technology. The vulnerability also erodes user trust in macOS security features, particularly the lock screen protections designed to prevent unauthorized access. Organizations relying on macOS devices for secure communications must consider this vulnerability a significant threat until patched.

To mitigate CVE-2025-31271, organizations and users should promptly update affected macOS devices to macOS Tahoe 26 or later, where the vulnerability is fixed through improved state management. Until patching is possible, administrators should consider disabling FaceTime on devices that require high security or restrict network access to FaceTime services via firewall rules to reduce exposure. Implementing device management policies that enforce strict lock screen security and monitoring unusual FaceTime call activity can help detect potential exploitation attempts. Additionally, educating users about the risk of accepting unexpected FaceTime calls, even on locked devices, can reduce the likelihood of successful exploitation. For organizations with sensitive environments, consider deploying endpoint detection and response (EDR) solutions capable of identifying anomalous FaceTime behavior. Regularly auditing macOS device configurations and applying security baselines that limit unnecessary services will further reduce the attack surface. Finally, maintain awareness of Apple security advisories for any updates or additional mitigations related to this vulnerability.