CVE-2024-54525
Published: 17 March 2025
Summary
CVE-2024-54525 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Apple iPadOS. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks in the top 19.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
Validates inputs from backup file restoration to ensure maliciously crafted files cannot modify protected system files.
Enforces approved authorizations preventing unauthorized modification of protected system files during backup restoration.
Monitors and verifies the integrity of protected system files to identify unauthorized changes from malicious backup restoration.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The vulnerability enables exploitation via a maliciously crafted backup file that requires user interaction to restore (T1204.002 Malicious File). Successful exploitation allows modification of protected system files, which directly facilitates plist modification for boot or logon autostart execution on affected Apple platforms (T1547.011).
NVD Description
A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Restoring a maliciously crafted backup file may lead to modification of protected system files.
Deeper analysis [AI]
CVE-2024-54525 is a logic issue in file handling that enables the restoration of a maliciously crafted backup file to modify protected system files. The vulnerability affects Apple's iOS and iPadOS versions prior to 18.2, macOS Sequoia prior to 15.2, tvOS prior to 18.2, visionOS prior to 2.2, and watchOS prior to 11.2. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).
An attacker can exploit this vulnerability over the network with low complexity and no required privileges by tricking a user into restoring a malicious backup file, which requires user interaction. Successful exploitation allows modification of protected system files, resulting in high impacts to confidentiality, integrity, and availability.
Apple security advisories detail the fix through improved file handling in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, and watchOS 11.2. Mitigation involves updating to these patched versions, as outlined in the referenced support pages: https://support.apple.com/en-us/121837, https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121843, https://support.apple.com/en-us/121844, and https://support.apple.com/en-us/121845.
Details
- CWE(s)