Cyber Resilience

CVE-2024-54525

High

Published: 17 March 2025

Published
17 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0146 81.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-54525 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Apple Ipados. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked in the top 18.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2024-54525 is a logic issue in file handling that enables the restoration of a maliciously crafted backup file to modify protected system files. The vulnerability affects Apple's iOS and iPadOS versions prior to 18.2, macOS Sequoia prior to 15.2, tvOS prior to 18.2, visionOS prior to 2.2, and watchOS prior to 11.2. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).

An attacker can exploit this vulnerability over the network with low complexity and no required privileges by tricking a user into restoring a malicious backup file, which requires user interaction. Successful exploitation allows modification of protected system files, resulting in high impacts to confidentiality, integrity, and availability.

Apple security advisories detail the fix through improved file handling in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, and watchOS 11.2. Mitigation involves updating to these patched versions, as outlined in the referenced support pages: https://support.apple.com/en-us/121837, https://support.apple.com/en-us/121839, https://support.apple.com/en-us/121843, https://support.apple.com/en-us/121844, and https://support.apple.com/en-us/121845.

EU & UK References

Vulnerability details

A logic issue was addressed with improved file handling. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Restoring a maliciously crafted backup file may lead to modification of protected…

more

system files.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1647 Plist File Modification Defense Impairment
Adversaries may modify property list files (plist files) to enable other malicious activity, while also potentially evading and bypassing system defenses.
Why these techniques?

The vulnerability enables exploitation via a maliciously crafted backup file that requires user interaction to restore (T1204.002 Malicious File). Successful exploitation allows modification of protected system files, which directly facilitates plist modification for boot or logon autostart execution on affected Apple platforms (T1547.011).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-20675Same product: Apple Ipados
CVE-2026-28990Same product: Apple Ipados
CVE-2026-20611Same product: Apple Ipados
CVE-2024-54499Same product: Apple Ipados
CVE-2024-27856Same product: Apple Ipados
CVE-2025-24243Same product: Apple Ipados
CVE-2026-28860Same product: Apple Ipados
CVE-2025-24129Same product: Apple Ipados
CVE-2026-28947Same product: Apple Ipados
CVE-2026-20700Same product: Apple Ipados

Affected Assets

apple
ipados
≤ 18.2
apple
iphone os
≤ 18.2
apple
macos
≤ 15.2
apple
tvos
≤ 18.2
apple
visionos
≤ 2.2
apple
watchos
≤ 11.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates inputs from backup file restoration to ensure maliciously crafted files cannot modify protected system files.

prevent

Enforces approved authorizations preventing unauthorized modification of protected system files during backup restoration.

detect

Monitors and verifies the integrity of protected system files to identify unauthorized changes from malicious backup restoration.

References