CVE-2025-24247
Published: 31 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-24247 is a type confusion vulnerability addressed through improved checks in Apple macOS. It affects macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The issue is classified under CWE-400 (Uncontrolled Resource Consumption) and carries a CVSS v3.1 base score of 9.8, indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.
A remote attacker with no privileges or user interaction can exploit this vulnerability over the network. Successful exploitation may enable the attacker to cause unexpected application termination, potentially leading to broader system impacts aligned with the high CVSS scores for confidentiality, integrity, and availability violations.
Apple security advisories detail the fix via improved checks in the specified macOS updates: Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. Practitioners should prioritize patching affected systems, with further details available in the referenced support pages and full disclosure announcements.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remotely exploitable type confusion vulnerability in macOS that requires no privileges or user interaction and can be triggered over the network, directly enabling T1190: Exploit Public-Facing Application for initial access and potential code execution or denial of service.