CVE-2025-24249
Published: 31 March 2025
Description
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
Security Summary
CVE-2025-24249 is a permissions issue, classified under CWE-862 (Missing Authorization), affecting macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The vulnerability enables an app to check the existence of an arbitrary path on the file system, bypassing intended restrictions.
The CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates a critical severity vulnerability exploitable over the network with low attack complexity, no privileges, and no user interaction required. Any attacker able to deliver or influence an app on a targeted system could determine the presence of arbitrary file system paths, potentially enabling reconnaissance for further attacks with high impacts on confidentiality, integrity, and availability.
Apple addressed the issue through additional sandbox restrictions in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Security advisories on support.apple.com (HT122373, HT122374, HT122375) detail the fix, and practitioners should prioritize updating affected systems to mitigate exposure. Additional disclosure notes appear in seclists.org Full Disclosure archives from April 2025.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables bypassing sandbox restrictions to check existence of arbitrary filesystem paths, which maps to File and Directory Discovery (T1083) for reconnaissance.