CVE-2025-24253
Published: 31 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-24253 is a vulnerability in macOS involving improper handling of symlinks, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It affects macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The issue allows an app to access protected user data, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of required privileges or user interaction.
A remote attacker with no privileges can exploit this vulnerability over the network without user interaction. Successful exploitation enables the attacker to gain high-impact access to protected user data, potentially compromising confidentiality, integrity, and availability through the symlink mishandling mechanism.
Apple's security advisories detail the fix as improved symlink handling in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Practitioners should apply these updates promptly, as referenced in Apple support documents (e.g., https://support.apple.com/en-us/122373) and Full Disclosure mailing list postings from April 2025.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote unauthenticated access to protected user data via symlink mishandling directly enables T1190 (exploiting public-facing apps for initial access) and facilitates T1005 (collecting sensitive data from local system).