CVE-2025-24085
Published: 27 January 2025
Summary
CVE-2025-24085 is a critical-severity Use After Free (CWE-416) vulnerability in Apple macOS. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 5.7% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A use-after-free vulnerability, tracked as CVE-2025-24085 and assigned CWE-416, was present in multiple Apple operating systems. It has been resolved through improved memory management in the releases iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, and watchOS 11.3. The flaw carries a CVSS 3.1 base score of 10.0.
A malicious application can exploit the issue over a network with no authentication or user interaction required, achieving privilege escalation that affects confidentiality, integrity, and availability across affected devices. Apple has stated it is aware of reports indicating the vulnerability was actively exploited against iOS versions prior to iOS 17.2.
The vendor advisories published at support.apple.com URLs 122066, 122068, 122071, 122072, and 122073 direct administrators and users to install the listed updates as the primary mitigation.
The associated EPSS score rose from lower values after disclosure to a peak of 0.2843 on 2026-02-09 before receding to the current 0.1307, indicating post-publication exploitation interest that warrants renewed attention for unpatched systems.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3607
Vulnerability details
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
- CWE(s)
- KEV Date Added: 29 January 2025
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The use-after-free vulnerability directly enables a malicious application to elevate privileges on affected Apple platforms, matching Exploitation for Privilege Escalation (T1068).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-16 implements memory protection mechanisms like address space randomization and non-executable memory to directly prevent exploitation of use-after-free vulnerabilities.
SI-2 mandates timely flaw remediation through patching, directly addressing the specific use-after-free vulnerability fixed in updated Apple OS versions.
AC-6 enforces least privilege to limit the scope and impact of privilege escalation by malicious applications exploiting the use-after-free issue.