Cyber Resilience

CVE-2025-24130

Medium

Published: 27 January 2025

Published
27 January 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score 0.0005 16.0th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24130 is a medium-severity an unspecified weakness vulnerability in Apple Macos. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 16.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-2 (Separation of System and User Functionality).

Deeper analysis

CVE-2025-24130 is a vulnerability in macOS that allows an app to modify protected parts of the file system. The issue affects macOS versions prior to Sequoia 15.3, Sonoma 14.7.3, and Ventura 13.7.3, and was addressed through improved checks. It has a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N), indicating medium severity with high integrity impact but no confidentiality or availability effects.

A local attacker can exploit this vulnerability with low complexity and no required privileges, though user interaction is necessary. By tricking a user into interacting with a malicious app, the attacker can achieve modification of protected file system areas, potentially leading to persistence, data tampering, or escalation in a local context.

Apple security advisories confirm the fix in macOS Sequoia 15.3, macOS Sonoma 14.7.3, and macOS Ventura 13.7.3 via improved checks, as detailed in support documents at https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, and https://support.apple.com/en-us/122070. Additional details appear in Full Disclosure mailing list posts at http://seclists.org/fulldisclosure/2025/Jan/15 and http://seclists.org/fulldisclosure/2025/Jan/16. Security practitioners should ensure systems are updated to patched versions to mitigate the risk.

EU & UK References

Vulnerability details

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to modify protected parts of the file system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

The vulnerability allows modification of protected file system areas, enabling local privilege escalation via exploitation (T1068) and Stored Data Manipulation (T1565.001) for data tampering; persistence is suggested but less directly mapped.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-44303Same product: Apple Macos
CVE-2026-28825Same product: Apple Macos
CVE-2024-54509Same product: Apple Macos
CVE-2025-24176Same product: Apple Macos
CVE-2025-24267Same product: Apple Macos
CVE-2026-20658Same product: Apple Macos
CVE-2025-24170Same product: Apple Macos
CVE-2025-24255Same product: Apple Macos
CVE-2025-30449Same product: Apple Macos
CVE-2026-28923Same product: Apple Macos

Affected Assets

apple
macos
≤ 13.7.3 · 14.0 — 14.7.3 · 15.0 — 15.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring timely remediation through patching to the fixed macOS versions that improved file system protection checks.

prevent

Enforces approved authorizations to prevent apps from accessing and modifying protected file system areas, addressing the core bypass vulnerability.

prevent

Maintains separation between user app functionality and system-protected file system resources, countering the unauthorized modification exploit.

References