CVE-2025-24254
Published: 31 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-24254 is a privilege escalation vulnerability stemming from inadequate validation of symbolic links in macOS. It affects macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The issue, classified under CWE-269 (Improper Privilege Management), received a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) upon its publication on March 31, 2025.
An authenticated user with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation enables the attacker to gain elevated privileges, potentially resulting in high confidentiality, integrity, and availability impacts on the affected system.
Apple's security advisories detail the fix as improved symlink validation, with patches available in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Additional details appear in support documents at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375, alongside full disclosure discussions on seclists.org from early April 2025.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a privilege escalation vulnerability in macOS due to inadequate symbolic link validation (CWE-269), directly enabling T1068 Exploitation for Privilege Escalation by allowing low-privileged authenticated users to gain elevated access.