Cyber Resilience

CVE-2025-24085

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 27 January 2025
Modified: 03 April 2026
KEV Added: 29 January 2025
Patch: available
CVSS v3.1: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS: 0.1307 (94.3rd percentile)
Risk Priority: 48 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-24085 is a critical-severity Use After Free (CWE-416) vulnerability in Apple macOS. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 5.7% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A use-after-free vulnerability, tracked as CVE-2025-24085 and assigned CWE-416, was present in multiple Apple operating systems. It has been resolved through improved memory management in the releases iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, and watchOS 11.3. The flaw carries a CVSS 3.1 base score of 10.0.

According to the CVSS vector, a malicious application can exploit the issue over a network with no authentication or user interaction required, achieving privilege escalation that affects confidentiality, integrity, and availability across affected devices. Apple has stated it is aware of a report that the vulnerability may have been actively exploited against iOS versions prior to iOS 17.2.

Apple's advisories (support.apple.com articles 122066, 122068, 122071, 122072, and 122073) direct administrators and users to install the listed updates as the primary mitigation.

The associated EPSS score rose from lower values after disclosure to a peak of 0.2843 on 2026-02-09 before receding to the current 0.1307, indicating post-publication exploitation interest that warrants renewed attention for unpatched systems.

EU & UK References

Vulnerability details

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

CWE(s): CWE-416 (Use After Free)
KEV Date Added: 29 January 2025

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The use-after-free vulnerability directly enables a malicious application to elevate privileges on affected Apple platforms, which matches Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2026-20700: same product (Apple iPadOS); both on KEV
- CVE-2026-43668: same product (Apple iPadOS)
- CVE-2025-43520: same product (Apple iPadOS); both on KEV
- CVE-2025-43510: same product (Apple iPadOS); both on KEV
- CVE-2025-43529: same product (Apple iPadOS); both on KEV
- CVE-2026-20687: same product (Apple iPadOS)
- CVE-2026-28947: same product (Apple iPadOS)
- CVE-2026-20698: same product (Apple iPadOS)
- CVE-2024-54499: same product (Apple iPadOS)
- CVE-2026-28883: same product (Apple iPadOS)

Affected Assets

- apple / ipados: ≤ 17.7.6; 18.0 to 18.3
- apple / iphone os: ≤ 18.3
- apple / macos: 13.0 to 13.7.5; 14.0 to 14.7.5; 15.0 to 15.3
- apple / tvos: ≤ 18.3
- apple / visionos: ≤ 2.3
- apple / watchos: ≤ 11.3
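The affected ranges above end at the release that carries the fix, so the practical question for a fleet is "is this device at or above the fixed release for its branch?". The following is an added example (not code from this page or from Apple) that answers that question from an inventory of platform/version pairs. It assumes the fixed releases quoted in Apple's advisory text on this page, assumes version strings are dotted integers as Apple publishes them, and treats a device on a major version older than any fixed branch (for example macOS 12) as needing a move to a supported release rather than silently passing; the inventory rows are constructed for illustration.

```python
"""Patch-status triage for CVE-2025-24085 against Apple's fixed releases (added example)."""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# Releases that carry the fix, taken from the advisory text quoted on this page.
# Keys are normalised platform names (lower case, spaces removed).
FIXED_RELEASES = {
    "ios": ["18.3"],
    "ipados": ["17.7.6", "18.3"],
    "macos": ["13.7.5", "14.7.5", "15.3"],
    "tvos": ["18.3"],
    "visionos": ["2.3"],
    "watchos": ["11.3"],
}

# Inventory aliases seen in asset databases; "iphone os" is the CPE-style name used above.
PLATFORM_ALIASES = {"iphoneos": "ios"}


def parse_version(text: str) -> Version:
    """'14.7.5' -> (14, 7, 5). Rejects anything that is not dotted integers."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if not parts:
        raise ValueError("empty version string")
    return parts


def compare(a: Version, b: Version) -> int:
    """Three-way compare with zero padding so that 15.3 == 15.3.0."""
    width = max(len(a), len(b))
    a_pad = a + (0,) * (width - len(a))
    b_pad = b + (0,) * (width - len(b))
    return (a_pad > b_pad) - (a_pad < b_pad)


def patch_status(platform: str, version: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_release_for_this_branch_or_None).

    status is one of:
      patched            - at or above the fixed release of the same major branch
      vulnerable         - below the fixed release of the same major branch
      unsupported-branch - major version older than every fixed branch (e.g. macOS 12)
      newer-than-listed  - major version newer than every fixed branch
      unknown-platform   - platform not covered by this advisory
    """
    key = platform.lower().replace(" ", "")
    key = PLATFORM_ALIASES.get(key, key)
    if key not in FIXED_RELEASES:
        return ("unknown-platform", None)

    installed = parse_version(version)
    branches = FIXED_RELEASES[key]
    for fixed_text in branches:
        fixed = parse_version(fixed_text)
        if fixed[0] == installed[0]:
            status = "patched" if compare(installed, fixed) >= 0 else "vulnerable"
            return (status, fixed_text)

    newest_major = max(parse_version(f)[0] for f in branches)
    if installed[0] > newest_major:
        return ("newer-than-listed", None)
    return ("unsupported-branch", None)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (hostname, status, fixed_release) for every host that is not patched."""
    findings = []
    for hostname, platform, version in inventory:
        status, fixed = patch_status(platform, version)
        if status != "patched":
            findings.append((hostname, status, fixed))
    return findings


# Constructed sample inventory (hostnames and versions are illustrative, not real assets).
SAMPLE_INVENTORY = [
    ("mac-eng-01", "macos", "14.7.4"),
    ("mac-eng-02", "macos", "15.3"),
    ("ipad-sales-07", "ipados", "17.7.6"),
    ("iphone-exec-03", "iphone os", "18.2.1"),
    ("mac-legacy-01", "macos", "12.7.6"),
    ("tv-lobby", "tvos", "18.3.1"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(row)
```

Only hosts that are not at or above their branch's fixed release are reported, so the output is the remediation worklist; the "unsupported-branch" status is deliberately not treated as safe, because the page lists no fixed release for those branches.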

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assigned)

- [prevent] SI-16 (Memory Protection) implements memory protection mechanisms such as address space randomization and non-executable memory to directly prevent exploitation of use-after-free vulnerabilities.
- [prevent] SI-2 (Flaw Remediation) mandates timely flaw remediation through patching, directly addressing the specific use-after-free vulnerability fixed in updated Apple OS versions.
- [prevent] AC-6 (Least Privilege) enforces least privilege to limit the scope and impact of privilege escalation by malicious applications exploiting the use-after-free issue.

References