Cyber Resilience

CVE-2025-24118

High

Published: 27 January 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score v3.1: 7.1 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H)
EPSS Score: 0.2702 (96.5th percentile)
Risk Priority: 30 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-24118 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple macOS. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 3.5% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-24118 is an out-of-bounds write vulnerability stemming from insufficient memory handling in Apple's kernel. It affects iPadOS before 17.7.4, macOS Sequoia before 15.3, and macOS Sonoma before 14.7.3. The flaw permits an application to trigger unexpected system termination or directly modify kernel memory.

An attacker with the ability to run a malicious app on an affected device can exploit the issue. Because the attack requires user interaction and no special privileges, it is typically delivered via a crafted application that the victim is tricked into executing. Successful exploitation has a high impact on the integrity and availability of the host.

Apple has addressed the vulnerability through improved memory handling in the security updates iPadOS 17.7.4, macOS Sequoia 15.3, and macOS Sonoma 14.7.3, as documented in the vendor advisories at support.apple.com. The corresponding entries also appear in the January 2025 Full Disclosure mailing-list archives.

EPSS for the CVE currently stands at 0.27 with a recorded peak of 0.31; no public evidence of in-the-wild exploitation has been reported.


Vulnerability details

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.

CWE(s)

CWE-787 Out-of-bounds Write

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Out-of-bounds write to kernel memory from a local app directly enables exploitation for privilege escalation (T1068); system crash is a secondary DoS effect but not the primary mapping.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-43220 (Same product: Apple iPadOS)
CVE-2025-30464 (Same product: Apple macOS)
CVE-2025-24231 (Same product: Apple macOS)
CVE-2024-54509 (Same product: Apple macOS)
CVE-2024-54522 (Same product: Apple iPadOS)
CVE-2024-54517 (Same product: Apple iPadOS)
CVE-2025-24154 (Same product: Apple iPadOS)
CVE-2025-24273 (Same product: Apple macOS)
CVE-2026-28825 (Same product: Apple macOS)
CVE-2025-43300 (Same product: Apple iPadOS)

Affected Assets

apple ipados: ≤ 17.7.4
apple macos: ≤ 14.7.3 · 15.0 to 15.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent: SI-16 implements memory protection controls that directly prevent out-of-bounds writes to kernel memory by malicious apps.

prevent: SC-39 enforces process isolation separating user apps from kernel processes, blocking unauthorized kernel memory access.

prevent: SI-2 requires timely flaw remediation through patching, directly addressing the memory handling vulnerability fixed in specified iPadOS and macOS updates.
