CVE-2025-24250
Published: 31 March 2025
Description
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Security Summary
CVE-2025-24250 is a high-severity vulnerability (CVSS 9.8) in Apple's macOS operating system, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It stems from insufficient access restrictions that allow a malicious app functioning as an HTTPS proxy to access sensitive user data. The issue affects macOS versions prior to Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5.
An attacker can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). By deploying a malicious app that acts as an HTTPS proxy, the attacker gains high-impact access to sensitive user data, with potential for confidentiality (C:H), integrity (I:H), and availability (A:H) compromises.
Apple's security advisories confirm the vulnerability was addressed through improved access restrictions in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Security practitioners should prioritize updating affected systems, as detailed in the referenced support pages (e.g., https://support.apple.com/en-us/122373) and full disclosure archives.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables a malicious app to function as an HTTPS proxy and access sensitive user data due to insufficient access restrictions, directly facilitating Adversary-in-the-Middle attacks for intercepting network traffic.