CVE-2025-43452 is a vulnerability identified in Apple’s iOS and iPadOS operating systems affecting the keyboard suggestion feature. Keyboard suggestions, also known as predictive text, provide users with word or phrase completions based on their typing habits and context. The vulnerability arises because these suggestions can appear on the lock screen, potentially exposing sensitive information such as passwords, personal data, or confidential text fragments without requiring device unlock or user authentication. This behavior violates the principle of least privilege and confidentiality by leaking information that should remain protected until the device is unlocked. The issue is categorized under CWE-359 (Exposure of Sensitive Information Through an Error Message) and was addressed by Apple in iOS and iPadOS 26.1 through restricting the options offered on locked devices, effectively preventing sensitive suggestions from appearing on the lock screen. The CVSS v3.1 base score is 4.6 (medium severity), reflecting the vulnerability’s limited attack vector (physical access required), no need for user interaction, and high confidentiality impact but no impact on integrity or availability. No exploits have been reported in the wild, indicating limited active exploitation. The vulnerability mainly affects all versions of iOS and iPadOS prior to 26.1, impacting a broad range of Apple mobile devices including iPhones and iPads.

The primary impact of CVE-2025-43452 is the potential unauthorized disclosure of sensitive information through keyboard suggestions displayed on the lock screen. This can lead to confidentiality breaches, especially if sensitive data such as passwords, private messages, or business-critical information is exposed. Attackers with physical access to a locked device could glean confidential information without needing to bypass the lock screen security mechanisms. Although the vulnerability does not affect data integrity or device availability, the exposure of sensitive data can facilitate further attacks such as social engineering, credential theft, or unauthorized access to accounts. Organizations with employees using Apple mobile devices in public or insecure environments are at increased risk. The vulnerability also poses privacy risks to individual users. Since no authentication or user interaction is required, the attack vector is straightforward but limited to physical access scenarios. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop techniques to leverage this vulnerability.

To mitigate CVE-2025-43452, organizations and users should promptly update all affected Apple devices to iOS and iPadOS version 26.1 or later, where the vulnerability is fixed by restricting keyboard suggestions on locked screens. Additionally, users should consider disabling keyboard suggestions or predictive text features if immediate updating is not possible, as this reduces the risk of sensitive data exposure. Enforcing strong physical security controls to prevent unauthorized access to devices is critical, including policies for device handling in public or shared spaces. Organizations should implement mobile device management (MDM) solutions to enforce timely updates and configure security settings centrally. Educating users about the risks of exposing sensitive information via predictive text and encouraging cautious typing behavior on mobile devices can further reduce risk. Monitoring for unusual access patterns or physical device tampering complements these technical controls. Finally, reviewing and limiting the types of sensitive information entered on mobile devices, especially when unattended, can minimize potential exposure.