CVE-2025-43203 is a vulnerability identified in Apple iOS and iPadOS that allows an attacker with physical access to an unlocked device to view an image contained within the most recently viewed locked note. The root cause is improper handling of caches related to locked notes, which inadvertently exposes cached image data even when the note is locked. This flaw does not require any privileges or user interaction beyond physical access to an unlocked device, making it a local attack vector. The vulnerability affects unspecified versions prior to iOS 26 and iPadOS 26, including iOS 18.7 and iPadOS 18.7 where it has been fixed. The CVSS v3.1 score is 4.0 (medium), reflecting low complexity (low attack complexity), no privileges required, no user interaction, and limited confidentiality impact (only image data exposure). The vulnerability is categorized under CWE-922 (Improperly Controlled Modification of Dynamically-Determined Object Attributes), indicating a failure in secure cache management. There are no known exploits in the wild at the time of publication. The issue was addressed by Apple through improved cache handling to prevent unauthorized image exposure from locked notes. This vulnerability primarily threatens confidentiality, as it allows unauthorized viewing of sensitive images without affecting data integrity or system availability.

For European organizations, the primary impact of CVE-2025-43203 is the potential unauthorized disclosure of sensitive images stored in locked notes on Apple iOS and iPadOS devices. This could lead to privacy breaches, exposure of confidential business information, or personal data leakage, especially in sectors handling sensitive or regulated data such as finance, healthcare, legal, and government. The vulnerability requires physical access to an unlocked device, which limits remote exploitation but raises concerns in environments where devices may be lost, stolen, or accessed by unauthorized personnel. The confidentiality breach could undermine trust and compliance with data protection regulations such as GDPR, potentially resulting in legal and reputational consequences. Since the vulnerability does not affect integrity or availability, operational disruption is unlikely. However, the ease of exploitation with physical access and no need for user interaction increases the risk in scenarios involving insider threats or opportunistic attackers. Organizations relying heavily on Apple mobile devices for secure note-taking should prioritize patching to prevent inadvertent data exposure.

1. Ensure all Apple iOS and iPadOS devices are updated promptly to iOS 26, iPadOS 26, or iOS/iPadOS 18.7 or later where the vulnerability is fixed. 2. Enforce strict physical security policies to prevent unauthorized access to unlocked devices, including device lock enforcement and secure storage. 3. Educate users on the importance of locking devices when unattended and the risks of leaving devices unlocked in public or shared spaces. 4. Implement mobile device management (MDM) solutions to enforce automatic locking policies and monitor device compliance. 5. Limit the use of locked notes for storing highly sensitive images or data, or use additional encryption tools for sensitive content. 6. Regularly audit and review device security posture and access logs to detect potential unauthorized physical access. 7. Consider disabling or restricting note caching features if configurable, to reduce residual data exposure risk. 8. Develop incident response plans that include procedures for lost or stolen devices to quickly revoke access and mitigate data leakage.