CVE-2025-24126

High

Published: 27 January 2025

Published

27 January 2025

Modified

02 April 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS Score 0.0013 31.2th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24126 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Apple Ipados. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked at the 31.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the core input validation issue allowing local network attackers to corrupt process memory.

SI-16 Memory Protection good match

prevent

Protects system memory from corruption resulting from invalid inputs over the local network.

SC-7 Boundary Protection partial match

prevent

Limits exposure to adjacent network attackers by monitoring and controlling communications at system boundaries.

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Input validation flaw allows local network attacker to corrupt process memory on Apple systems, enabling exploitation of remote services (T1210) and application/system exploitation leading to DoS or process modification (T1499.004).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

An input validation issue was addressed. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to corrupt…

process memory.

Deeper analysisAI

CVE-2025-24126 is an input validation vulnerability affecting multiple Apple operating systems, including iOS prior to 18.3, iPadOS prior to 18.3, macOS Sequoia prior to 15.3, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.3, and visionOS prior to 2.3. The flaw allows an attacker on the local network to corrupt process memory, as indicated by its CVSS v3.1 base score of 7.3 (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H) and association with CWE-400 (Uncontrolled Resource Consumption).

An attacker with low privileges on the local network can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation enables corruption of process memory, resulting in high integrity and availability impacts but no confidentiality loss, potentially leading to denial-of-service conditions or unauthorized modification of system processes.

Apple security advisories detail the fix through updates to the listed versions, recommending users apply patches immediately via standard update mechanisms. Relevant support pages include https://support.apple.com/en-us/122066, https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122072, https://support.apple.com/en-us/122073, and https://support.apple.com/en-us/122374.

Details

CWE(s): NVD-CWE-noinfo CWE-400

Affected Products

apple

ipados

≤ 18.3

apple

iphone os

≤ 18.3

apple

macos

≤ 15.3

apple

tvos

≤ 18.3

apple

visionos

≤ 2.3

apple

watchos

≤ 11.3

CVEs Like This One

CVE-2026-20650Same product: Apple Ipados

CVE-2025-24264Same product: Apple Ipados

CVE-2025-24211Same product: Apple Ipados

CVE-2025-24190Same product: Apple Ipados

CVE-2026-20652Same product: Apple Ipados

CVE-2025-24129Same product: Apple Ipados

CVE-2024-44227Same product: Apple Ipados

CVE-2024-54551Same product: Apple Ipados

CVE-2025-30471Same product: Apple Ipados

CVE-2026-28874Same product: Apple Ipados

References

https://support.apple.com/en-us/122066
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122068
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122072
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122073
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122374
product-security@apple.com
https://support.apple.com/en-us/122375
product-security@apple.com
http://seclists.org/fulldisclosure/2025/Jan/12
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jan/13
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jan/15
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jan/19
af854a3a-2127-422b-91ae-364da2661108