CVE-2025-24233

Critical

Published: 31 March 2025

Published

31 March 2025

Modified

02 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0066 71.2th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

Security Summary

CVE-2025-24233 is a permissions issue, classified under CWE-863 (Incorrect Authorization), that was addressed through additional restrictions in Apple macOS. The vulnerability affects macOS Sequoia versions prior to 15.4, macOS Sonoma versions prior to 14.7.5, and macOS Ventura versions prior to 13.7.5. It enables a malicious app to bypass intended protections and read or write to protected files, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability.

The vulnerability can be exploited by an attacker with network access who delivers a malicious app to the target system, requiring no special privileges or user interaction beyond the app's installation. Once running, the app can access and modify protected files, potentially leading to unauthorized data exfiltration, tampering with system or user data, or disruption of services.

Apple security advisories detail the fix via additional permissions restrictions in the specified macOS updates (macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5). Practitioners should prioritize patching affected systems, as referenced in Apple's support documentation and full disclosure notices.

Details

CWE(s): CWE-863

Affected Products

apple

macos

13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1565.001 Stored Data Manipulation Impact

Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

attack.mitre.org →

T1485 Data Destruction Impact

Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

attack.mitre.org →

Why these techniques?

Vulnerability directly enables unauthorized read access to protected files (T1005 Data from Local System) and write access facilitating tampering (T1565.001 Stored Data Manipulation) or destruction (T1485 Data Destruction) of system/user data.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://support.apple.com/en-us/122373
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122374
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122375
Vendor Advisory · product-security@apple.com
http://seclists.org/fulldisclosure/2025/Apr/10
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/8
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/9
af854a3a-2127-422b-91ae-364da2661108