CVE-2025-43452: Keyboard suggestions may display sensitive information on the lock screen in Apple iOS and iPadOS
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 26.1 and iPadOS 26.1. Keyboard suggestions may display sensitive information on the lock screen.
AI Analysis
Technical Summary
CVE-2025-43452 is a vulnerability in Apple's iOS and iPadOS in which keyboard suggestions, the predictive-text feature that assists users while typing, may display sensitive information on the device's lock screen. The flaw arises because the suggestion mechanism does not adequately restrict the data it surfaces while the device is locked, so confidential content such as personal messages, email fragments, or other sensitive text snippets could be exposed without the device being unlocked and without any user interaction. The vulnerability is classified under CWE-359, indicating a failure to properly restrict or sanitize data exposure.

Apple addressed the issue in iOS and iPadOS 26.1 by limiting the options and content that keyboard suggestions can present on a locked device, thereby preventing the leakage of sensitive information.

The CVSS v3.1 base score of 4.6 reflects medium severity. The vector indicates that the attack requires physical access (AV:P), has low attack complexity (AC:L), requires no privileges (PR:N) and no user interaction (UI:N), leaves scope unchanged (S:U), and has a high impact on confidentiality (C:H) but none on integrity or availability. There are no known exploits in the wild at this time; the affected versions are unspecified but are presumably all versions prior to 26.1. The vulnerability therefore primarily threatens the confidentiality of data on iOS/iPadOS devices, especially where devices are lost, stolen, or handled by unauthorized individuals who cannot unlock them.
Potential Impact
For European organizations, this vulnerability poses a confidentiality risk by potentially exposing sensitive corporate or personal information through keyboard suggestions on locked Apple devices. This could lead to unauthorized disclosure of emails, messages, or other confidential data, undermining privacy and potentially violating data protection regulations such as GDPR. Although the vulnerability does not affect data integrity or system availability, the leakage of sensitive information could facilitate social engineering attacks, identity theft, or corporate espionage. Organizations with employees using iPhones or iPads for work-related communications or data storage are particularly at risk. The physical proximity requirement limits remote exploitation, but the risk remains significant in environments where devices may be lost, stolen, or accessed by unauthorized personnel. The absence of known exploits reduces immediate threat but does not eliminate the risk, especially as attackers could develop methods to leverage this vulnerability. Overall, the impact is moderate but relevant for sectors handling sensitive or regulated data.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize updating all iOS and iPadOS devices to version 26.1 or later, where the issue is fixed. Device management policies should enforce timely OS updates and restrict use of outdated software. Additionally, organizations should review and configure lock screen settings to minimize data exposure, such as disabling keyboard suggestions on the lock screen if possible or limiting the types of data accessible without authentication. Implementing strong physical security controls to prevent device loss or theft is critical. Employee training should emphasize the importance of securing devices and recognizing risks associated with lock screen data exposure. For managed devices, Mobile Device Management (MDM) solutions can enforce security configurations and update compliance. Monitoring for unusual access attempts or data leakage incidents related to mobile devices can help detect exploitation attempts early. Finally, organizations should consider encrypting sensitive data and using secure communication apps that do not expose content through keyboard suggestions.
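The first recommendation above, confirming that every iOS and iPadOS device in the fleet is on 26.1 or later, is easy to get wrong when versions are compared as strings. As an added example (not part of this advisory and not Apple's or any MDM vendor's tooling), the following script compares MDM-reported OS versions numerically against the fixed release and flags devices that still need the update. The inventory format, device names and the `find_noncompliant` helper are constructed assumptions; real MDM exports will differ.

```python
"""Flag iOS/iPadOS devices that are still below the release fixing CVE-2025-43452.

Added example for illustration. The inventory layout below is a constructed
assumption, not the export format of any particular MDM product.
"""
from __future__ import annotations

import re

# Release in which Apple states the issue is fixed (taken from the advisory text).
FIXED_VERSION = "26.1"

# Constructed sample of what an MDM inventory export might contain; not real devices.
SAMPLE_INVENTORY = [
    {"device": "ipad-finance-01", "platform": "iPadOS", "os_version": "26.1"},
    {"device": "iphone-sales-07", "platform": "iOS", "os_version": "26.0.1"},
    {"device": "iphone-exec-02", "platform": "iOS", "os_version": "18.7.2"},
    {"device": "iphone-lab-03", "platform": "iOS", "os_version": "26.2"},
    {"device": "macbook-dev-01", "platform": "macOS", "os_version": "26.1"},
]

_VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(version: str) -> tuple[int, ...]:
    """Turn "26.0.1" into (26, 0, 1) so comparisons are numeric, not lexical.

    A plain string compare would rank "26.10" below "26.9" and "9.x" above
    "26.x"; comparing tuples of integers avoids both mistakes.
    """
    version = version.strip()
    if not _VERSION_RE.match(version):
        raise ValueError(f"unparseable OS version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(os_version: str, fixed: str = FIXED_VERSION) -> bool:
    """Return True when os_version is strictly below the fixed release.

    Missing trailing components count as zero, so "26.1" and "26.1.0" are equal.
    """
    have = parse_version(os_version)
    need = parse_version(fixed)
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need


def find_noncompliant(inventory: list[dict]) -> list[str]:
    """Return the names of iOS/iPadOS devices that still need the 26.1 update.

    Devices with a missing or unparseable version are reported too: an unknown
    version must not be assumed to be patched. Other platforms are skipped,
    since this CVE applies only to iOS and iPadOS.
    """
    flagged = []
    for entry in inventory:
        if entry.get("platform") not in ("iOS", "iPadOS"):
            continue
        try:
            if is_vulnerable(entry["os_version"]):
                flagged.append(entry["device"])
        except (KeyError, ValueError):
            flagged.append(entry["device"])
    return flagged


if __name__ == "__main__":
    for name in find_noncompliant(SAMPLE_INVENTORY):
        print(f"UPDATE REQUIRED: {name}")
```

Run against the constructed sample, the script reports `iphone-sales-07` (26.0.1) and `iphone-exec-02` (18.7.2) and leaves the macOS entry alone. Treating an unparseable version as non-compliant is deliberate: a device that cannot be verified should be chased, not silently passed.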
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Norway, Denmark, Finland, Ireland, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: apple
- Date Reserved: 2025-04-16T15:24:37.125Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 69095bb078d4f574c2a8f446
Added to database: 11/4/2025, 1:49:36 AM
Last enriched: 11/11/2025, 5:37:29 AM
Last updated: 12/20/2025, 5:16:11 PM
Related Threats
- CVE-2025-7782: CWE-862 Missing Authorization in WP JobHunt (High)
- CVE-2025-7733: CWE-639 Authorization Bypass Through User-Controlled Key in WP JobHunt (Medium)
- CVE-2025-14298: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in damian-gora FiboSearch – Ajax Search for WooCommerce (Medium)
- CVE-2025-12492: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in ultimatemember Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin (Medium)
- CVE-2025-13619: CWE-269 Improper Privilege Management in CMSSuperHeroes Flex Store Users (Critical)