CVE-2025-24265
Published: 31 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-24265 is an out-of-bounds read vulnerability (CWE-125) addressed through improved bounds checking in macOS. It affects macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5.
The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), indicating a network-based attack vector with low attack complexity, no required privileges or user interaction, and unchanged scope. A remote, unauthenticated attacker can exploit it via a malicious app to cause unexpected system termination, with high impacts on confidentiality, integrity, and availability.
Apple's security advisories confirm the issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Mitigation requires updating to these patched versions, as detailed in support documents such as https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375, along with full disclosure notices on seclists.org.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The out-of-bounds read vulnerability allows remote unauthenticated exploitation leading to system termination, directly enabling application or system exploitation for endpoint denial of service.