CVE-2025-43203 is a vulnerability identified in Apple iOS and iPadOS operating systems that allows an attacker with physical access to an unlocked device to view an image contained in the most recently viewed locked note. The root cause is improper handling of caches related to the Notes application, which inadvertently exposes cached image data from locked notes even when the note itself is secured. This flaw does not require any user interaction or authentication, making it possible for an attacker who gains physical access to an unlocked device to bypass note-level protections and access sensitive image content. The vulnerability was addressed by Apple through improved cache management in iOS and iPadOS versions 18.7 and 26. The CVSS v3.1 base score is 4.0, reflecting low attack vector complexity (local physical access), no privileges required, no user interaction, and limited confidentiality impact, with no effect on integrity or availability. The weakness is categorized under CWE-922 (Improperly Controlled Modification of Dynamically-Determined Object Attributes), indicating a failure to properly control cached data visibility. No known exploits are reported in the wild as of the publication date. This vulnerability primarily affects Apple mobile device users who rely on the Notes app for storing sensitive images in locked notes.

The primary impact of CVE-2025-43203 is a confidentiality breach, where sensitive images stored in locked notes can be exposed to unauthorized individuals with physical access to an unlocked device. This could lead to privacy violations, leakage of proprietary or personal information, and potential reputational damage for individuals and organizations. Since exploitation requires physical access to an unlocked device, the risk is mitigated somewhat by device access controls but remains significant in environments where devices may be left unattended or stolen. There is no impact on data integrity or system availability, and no remote exploitation vector exists. Organizations with employees who store sensitive images in locked notes on Apple devices should consider this a moderate risk, especially in sectors handling confidential information such as healthcare, finance, legal, and government. The vulnerability could facilitate insider threats or opportunistic data theft in physical security-compromised scenarios.

To mitigate CVE-2025-43203, organizations and users should promptly update affected Apple devices to iOS and iPadOS versions 18.7 or 26 where the vulnerability is fixed. Until updates are applied, users should avoid leaving devices unlocked unattended and consider not storing highly sensitive images in locked notes. Employing device-level security measures such as strong passcodes, biometric locks, and automatic screen locking with minimal timeout can reduce the window of opportunity for exploitation. Additionally, organizations should enforce physical security policies to prevent unauthorized device access and educate users about the risks of leaving devices unlocked. For highly sensitive environments, consider alternative secure storage solutions with stronger encryption and access controls beyond the Notes app. Monitoring for unusual physical access or device loss incidents can also help detect potential exploitation attempts.