CVE-2025-24237
Published: 31 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-24237 is a buffer overflow vulnerability (CWE-120) that was addressed with improved bounds checking. It affects iOS versions prior to 18.4, iPadOS versions prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, visionOS prior to 2.4, and watchOS prior to 11.4. Published on 2025-03-31, the issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical severity.
A remote attacker with no privileges or user interaction can exploit this vulnerability over the network with low attack complexity. Exploitation by a malicious app may cause unexpected system termination, aligning with the high availability impact in the CVSS score, while also enabling potential high confidentiality and integrity impacts.
Apple's security advisories detail the patches in the listed updates. Mitigation involves applying these updates promptly. Additional information is available in the advisories at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow with remote network exploitation (AV:N, PR:N, UI:N) and potential RCE (high C/I impact) or DoS directly enables T1190 for initial access via public-facing or network-exposed components.