Cyber Posture

CVE-2025-24135

Severity: High
Published: 27 January 2025
Modified: 03 November 2025
KEV Added: not listed
Patch: macOS Sequoia 15.3
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (13.7th percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-24135 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Apple macOS. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its exploit likelihood (EPSS) ranks at the 13.7th percentile, below the median, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique.
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

- prevent: Directly addresses the root cause, insufficient message validation that enables apps to gain elevated privileges, by requiring robust input validation at system interfaces.
- prevent: Enforces least privilege to restrict apps from executing unauthorized elevated actions even if message validation is bypassed.
- prevent: Mandates enforcement of access control policies to block unauthorized privilege escalations resulting from invalid messages.

MITRE ATT&CK Enterprise Techniques [AI]

- T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
- T1204.002 Malicious File (Execution): An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

The vulnerability enables local privilege escalation via insufficient message validation in a malicious app requiring user interaction, directly mapping to T1068 (Exploitation for Privilege Escalation) and T1204.002 (Malicious File).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges.

Deeper analysis [AI]

CVE-2025-24135 is a vulnerability in macOS Sequoia prior to version 15.3 that stems from insufficient message validation, enabling an app to gain elevated privileges. The issue, associated with CWE-276 and tracked as NVD-CWE-noinfo, was assigned a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and published on January 27, 2025.

A local attacker with no prior privileges can exploit this vulnerability by tricking a user into interacting with a malicious app. The elevated privileges obtained allow high-impact consequences, including unauthorized access to sensitive data, modification of system resources, and disruption of services.

Apple addressed the vulnerability through improved message validation in macOS Sequoia 15.3. Additional details are available in the official Apple security advisory at https://support.apple.com/en-us/122068 and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Jan/15.

Details

CWE(s): CWE-276 (Incorrect Default Permissions)

Affected Products: Apple macOS ≤ 15.3

CVEs Like This One

- CVE-2025-24267 (same product: Apple macOS)
- CVE-2025-24277 (same product: Apple macOS)
- CVE-2025-24234 (same product: Apple macOS)
- CVE-2025-24170 (same product: Apple macOS)
- CVE-2025-24195 (same product: Apple macOS)
- CVE-2025-24176 (same product: Apple macOS)
- CVE-2025-24207 (same product: Apple macOS)
- CVE-2025-24172 (same product: Apple macOS)
- CVE-2025-24093 (same product: Apple macOS)
- CVE-2026-28817 (same product: Apple macOS)

References

- Apple security advisory: https://support.apple.com/en-us/122068
- Full Disclosure mailing list posting: http://seclists.org/fulldisclosure/2025/Jan/15