CVE-2025-24130

Medium

Published: 27 January 2025

Published

27 January 2025

Modified

02 April 2026

KEV Added

—

Patch

—

CVSS Score 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Score 0.0005 15.6th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24130 is a medium-severity an unspecified weakness vulnerability in Apple Macos. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 15.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-2 (Separation of System and User Functionality).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the CVE by requiring timely remediation through patching to the fixed macOS versions that improved file system protection checks.

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations to prevent apps from accessing and modifying protected file system areas, addressing the core bypass vulnerability.

SC-2 Separation of System and User Functionality good match

prevent

Maintains separation between user app functionality and system-protected file system resources, countering the unauthorized modification exploit.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1565.001 Stored Data Manipulation Impact

Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

attack.mitre.org →

Why these techniques?

The vulnerability allows modification of protected file system areas, enabling local privilege escalation via exploitation (T1068) and Stored Data Manipulation (T1565.001) for data tampering; persistence is suggested but less directly mapped.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to modify protected parts of the file system.

Deeper analysisAI

CVE-2025-24130 is a vulnerability in macOS that allows an app to modify protected parts of the file system. The issue affects macOS versions prior to Sequoia 15.3, Sonoma 14.7.3, and Ventura 13.7.3, and was addressed through improved checks. It has a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N), indicating medium severity with high integrity impact but no confidentiality or availability effects.

A local attacker can exploit this vulnerability with low complexity and no required privileges, though user interaction is necessary. By tricking a user into interacting with a malicious app, the attacker can achieve modification of protected file system areas, potentially leading to persistence, data tampering, or escalation in a local context.

Apple security advisories confirm the fix in macOS Sequoia 15.3, macOS Sonoma 14.7.3, and macOS Ventura 13.7.3 via improved checks, as detailed in support documents at https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, and https://support.apple.com/en-us/122070. Additional details appear in Full Disclosure mailing list posts at http://seclists.org/fulldisclosure/2025/Jan/15 and http://seclists.org/fulldisclosure/2025/Jan/16. Security practitioners should ensure systems are updated to patched versions to mitigate the risk.

Details

CWE(s): NVD-CWE-noinfo

Affected Products

apple

macos

≤ 13.7.3 · 14.0 — 14.7.3 · 15.0 — 15.3

CVEs Like This One

CVE-2026-28825Same product: Apple Macos

CVE-2025-24267Same product: Apple Macos

CVE-2026-28817Same product: Apple Macos

CVE-2025-24277Same product: Apple Macos

CVE-2025-24234Same product: Apple Macos

CVE-2025-24255Same product: Apple Macos

CVE-2025-24170Same product: Apple Macos

CVE-2025-24228Same product: Apple Macos

CVE-2026-20658Same product: Apple Macos

CVE-2026-28821Same product: Apple Macos

References

https://support.apple.com/en-us/122068
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122069
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122070
Release Notes, Vendor Advisory · product-security@apple.com
http://seclists.org/fulldisclosure/2025/Jan/15
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jan/16
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jan/17
af854a3a-2127-422b-91ae-364da2661108