CVE-2025-24256
Published: 31 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Security Summary
CVE-2025-24256 is a high-severity vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) stemming from insufficient bounds checks, classified under CWE-125 (Out-of-bounds Read). It affects macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5, enabling an app to disclose kernel memory.
A remote attacker with no privileges or user interaction required can exploit this over a network vector with low complexity. Successful exploitation allows the malicious app to read kernel memory, potentially leading to high impacts on confidentiality, integrity, and availability as scored by CVSS.
Apple security advisories detail the fix through improved bounds checks in the patched versions (macOS Sequoia 15.4, Sonoma 14.7.5, Ventura 13.7.5). Relevant updates are documented at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375, with additional full disclosure notes at http://seclists.org/fulldisclosure/2025/Apr/10 and http://seclists.org/fulldisclosure/2025/Apr/8. Security practitioners should prioritize updating affected systems.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote network exploitation (AV:N) of kernel out-of-bounds read enables initial access via public-facing components and facilitates privilege escalation plus credential access through memory disclosure.