CVE-2025-24260
Published: 31 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-24260 is a memory handling vulnerability, classified under CWE-400 (Uncontrolled Resource Consumption), affecting macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. Published on 2025-03-31, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for remote exploitation with low complexity and no user interaction or privileges required.
An attacker in a privileged position may exploit this vulnerability to perform a denial-of-service, aligning with the high availability impact in the CVSS score, though the vector also indicates high confidentiality and integrity impacts.
Apple advisories confirm the issue was addressed through improved memory handling in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Mitigation involves applying these updates, as detailed in support documents at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, and Full Disclosure mailing list entries at http://seclists.org/fulldisclosure/2025/Apr/10 and http://seclists.org/fulldisclosure/2025/Apr/8.
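As an added defender-side check (not code from Apple's advisories or from this page), the snippet below compares a macOS product version, as reported by `sw_vers -productVersion`, with the fixed versions listed above; the function names and the sample version strings are constructed for this example.

```python
# Added example: classify a macOS product version against the fixed
# versions this page lists for CVE-2025-24260 (Sequoia 15.4, Sonoma 14.7.5,
# Ventura 13.7.5). Helper names are this example's own, not Apple's.
import subprocess
from typing import Optional, Tuple

# Major version -> first fixed release, taken from the advisory text above.
FIXED_VERSIONS = {
    15: (15, 4, 0),   # macOS Sequoia 15.4
    14: (14, 7, 5),   # macOS Sonoma 14.7.5
    13: (13, 7, 5),   # macOS Ventura 13.7.5
}

def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '14.7.4' (or a short form like '15.4') into a zero-padded 3-tuple."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return (parts[0], parts[1], parts[2])

def is_vulnerable(product_version: str) -> Optional[bool]:
    """True if the version predates the fix for its major line, False if it is
    at or past the fix, None if the major line is not one the advisory covers."""
    version = parse_version(product_version)
    fixed = FIXED_VERSIONS.get(version[0])
    if fixed is None:
        return None          # e.g. macOS 12: not listed on this page either way
    return version < fixed   # tuple comparison handles 15.3.9 < 15.4.0 correctly

def local_version() -> str:
    """Read the running system's version via sw_vers (only works on macOS)."""
    out = subprocess.check_output(["sw_vers", "-productVersion"], text=True)
    return out.strip()

if __name__ == "__main__":
    # Constructed sample values standing in for sw_vers output from several hosts.
    for sample in ["15.3.2", "15.4", "14.7.4", "14.7.5", "13.7.5", "12.7.6"]:
        print(f"{sample:>8}: vulnerable={is_vulnerable(sample)}")
```

On a real host, replace the sample loop with `is_vulnerable(local_version())`; a `None` result means the major line is outside the three the advisory names, not that the host is safe.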
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A remote, unauthenticated memory-handling vulnerability with high confidentiality, integrity, and availability impact enables exploitation of public-facing applications or services on macOS for initial access or system impact.