CVE-2025-24269
Published: 31 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-24269 is a vulnerability addressed through improved memory handling in macOS. It affects versions of macOS prior to Sequoia 15.4 and is associated with CWE-400 (Uncontrolled Resource Consumption). The core issue allows an app to cause unexpected system termination, with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts across confidentiality, integrity, and availability.
A remote attacker with no privileges or user interaction can exploit this vulnerability over the network with low complexity. Exploitation enables high-impact effects, including unauthorized access to sensitive data (C:H), modification of system resources (I:H), and disruption of services such as unexpected system termination (A:H), potentially leading to denial of service or broader compromise.
Apple's advisory confirms the issue is fixed in macOS Sequoia 15.4. Mitigation requires updating affected systems to this version. Additional details are available in the Apple security update at https://support.apple.com/en-us/122373 and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Apr/8.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Vulnerability enables remote network exploitation of macOS memory handling leading to system termination (DoS) with potential broader compromise, directly mapping to public-facing app exploitation and application/system exploitation for DoS.