CVE-2025-24139
Published: 27 January 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-24139 is a vulnerability in macOS that allows parsing a maliciously crafted file to lead to an unexpected application termination. The issue, addressed through improved checks, affects macOS versions prior to Sequoia 15.3, Sonoma 14.7.3, Ventura 13.7.3, and Ventura 13.7.5. It carries a CVSS v3.1 base score of 5.5 (medium severity) and is associated with CWE-787 (out-of-bounds write), though additional CWE details are unavailable from NVD.
Exploitation requires local access with low complexity and no privileges, but user interaction is necessary to open the malicious file. A local attacker can achieve high availability impact by causing the targeted application to crash, with no effects on confidentiality or integrity and no scope change.
Apple security advisories, detailed in support pages such as https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, https://support.apple.com/en-us/122070, https://support.apple.com/en-us/122375, and http://seclists.org/fulldisclosure/2025/Apr/10, confirm mitigation via updates to the listed macOS versions.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables crashing a target application via malicious file parsing (out-of-bounds write leading to termination), directly mapping to application exploitation for denial of service.