Cyber Posture

CVE-2025-24107

High

Published: 27 January 2025

Published
27 January 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 1.2th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24107 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Apple Ipados. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 1.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-6 Least Privilege good match
prevent

Employs least privilege to restrict malicious apps from escalating to root access beyond necessary permissions.

AC-3 Access Enforcement good match
prevent

Enforces access control policies to prevent permissions issues allowing unauthorized root privilege escalation by apps.

AC-25 Reference Monitor good match
prevent

Implements a reference monitor to mediate all app access to system resources, directly countering the permissions bypass to root.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

The CVE describes a local permissions flaw (CWE-276) enabling privilege escalation from a malicious app to root access on macOS and other Apple platforms, directly matching Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3. A malicious app may be able to gain root privileges.

Deeper analysisAI

CVE-2025-24107 is a permissions issue, classified under CWE-276, that was addressed through additional restrictions in Apple operating systems. The vulnerability affects iOS and iPadOS prior to version 18.3, macOS Sequoia prior to 15.3, tvOS prior to 18.3, and watchOS prior to 11.3. It has a CVSS v3.1 base score of 7.8 (High), reflecting a local attack vector with low complexity, requiring low privileges, no user interaction, and high impacts on confidentiality, integrity, and availability.

A local attacker, such as one who has installed a malicious app on the device, can exploit this vulnerability to escalate privileges and gain root access. With root privileges, the attacker achieves full control over the system, potentially allowing unauthorized data access, modification of critical files, or disruption of services.

Apple security advisories confirm the issue is fixed in iOS 18.3, iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, and watchOS 11.3 by implementing additional permissions restrictions, as detailed in support documents such as https://support.apple.com/en-us/122066 and related updates. Users and administrators should apply these patches promptly to mitigate the risk.

Details

CWE(s)
NVD-CWE-noinfoCWE-276

Affected Products

apple
ipados
≤ 18.3
apple
iphone os
≤ 18.3
apple
macos
≤ 15.3
apple
tvos
≤ 18.3
apple
watchos
≤ 11.3

CVEs Like This One

CVE-2025-24238Same product: Apple Ipados
CVE-2024-54468Same product: Apple Ipados
CVE-2024-54522Same product: Apple Ipados
CVE-2026-20687Same product: Apple Ipados
CVE-2024-54517Same product: Apple Ipados
CVE-2025-43510Same product: Apple Ipados
CVE-2025-24159Same product: Apple Ipados
CVE-2026-20700Same product: Apple Ipados
CVE-2026-20628Same product: Apple Ipados
CVE-2025-43520Same product: Apple Ipados

References