Cyber Posture

CVE-2025-24169

High

Published: 27 January 2025

Modified: 02 April 2026
KEV Added: (not listed)
Patch: (not listed)
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0004 (13.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may abuse internet browser extensions to establish persistent access to victim systems.

Security Summary

CVE-2025-24169 is a logging issue, addressed through improved data redaction, that affects Safari on macOS Sequoia. The vulnerability allows a malicious app to bypass browser extension authentication. It affects versions of Safari and macOS Sequoia prior to Safari 18.3 and macOS Sequoia 15.3, and is associated with CWE-532 (Insertion of Sensitive Information into Log File) and NVD-CWE-Other.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating network-based exploitation with low attack complexity, no required privileges or user interaction, and unchanged scope. A remote attacker deploying a malicious app can achieve high integrity impact by bypassing authentication for browser extensions, potentially allowing unauthorized access or control over extension functionality.

Apple security advisories confirm the issue was fixed in Safari 18.3 and macOS Sequoia 15.3. Mitigation involves updating to these patched versions. Additional details are available in Apple's support pages at https://support.apple.com/en-us/122068 and https://support.apple.com/en-us/122074, along with full disclosures on seclists.org at http://seclists.org/fulldisclosure/2025/Jan/15 and http://seclists.org/fulldisclosure/2025/Jan/20.

Details

CWE(s)
NVD-CWE-Other, CWE-532

Affected Products

apple safari ≤ 18.3
apple macos ≤ 15.3

MITRE ATT&CK Enterprise Techniques

T1176.001 Browser Extensions Persistence
Adversaries may abuse internet browser extensions to establish persistent access to victim systems.
Why these techniques?

The vulnerability directly enables a bypass of browser extension authentication via a logging flaw, facilitating abuse of browser extensions.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
