CVE-2025-24273
Published: 31 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-24273 is an out-of-bounds write vulnerability (CWE-787) affecting Apple's macOS operating system. The issue, addressed through improved bounds checking, impacts macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact confidentiality, integrity, and availability consequences.
A remote attacker with no privileges or user interaction can exploit this vulnerability over the network with low complexity. Exploitation allows an app to cause unexpected system termination, effectively enabling denial-of-service, or to corrupt kernel memory, which could facilitate further privilege escalation or persistent system compromise.
Apple's security advisories detail the fix via improved bounds checking in the specified macOS updates (https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375). Additional details appear in full disclosure postings (http://seclists.org/fulldisclosure/2025/Apr/10, http://seclists.org/fulldisclosure/2025/Apr/8). Security practitioners should prioritize patching affected systems to mitigate risks.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Out-of-bounds write enables remote kernel memory corruption for privilege escalation (T1068) and system termination via exploitation (T1499.004).