Cyber Resilience

CVE-2025-24135

High

Published: 27 January 2025

Modified: 03 November 2025
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0004 (14.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-24135 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Apple macOS. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 14.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-24135 is a vulnerability in macOS Sequoia prior to version 15.3 that stems from insufficient message validation, enabling an app to gain elevated privileges. The issue, associated with CWE-276 and tracked as NVD-CWE-noinfo, was assigned a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and published on January 27, 2025.

A local attacker with no required privileges can exploit this vulnerability by tricking a user into interacting with a malicious app, leading to high-impact consequences including unauthorized access to sensitive data, modification of system resources, and disruption of services due to the elevated privileges obtained.

Apple addressed the vulnerability through improved message validation in macOS Sequoia 15.3. Additional details are available in the official Apple security advisory at https://support.apple.com/en-us/122068 and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Jan/15.

Vulnerability details

This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

The vulnerability enables local privilege escalation via insufficient message validation in a malicious app requiring user interaction, directly mapping to T1068 (Exploitation for Privilege Escalation) and T1204.002 (Malicious File).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24176 · Same product: Apple macOS
CVE-2025-24267 · Same product: Apple macOS
CVE-2025-24170 · Same product: Apple macOS
CVE-2025-24195 · Same product: Apple macOS
CVE-2025-24277 · Same product: Apple macOS
CVE-2025-24234 · Same product: Apple macOS
CVE-2025-24093 · Same product: Apple macOS
CVE-2025-24172 · Same product: Apple macOS
CVE-2025-24207 · Same product: Apple macOS
CVE-2024-54509 · Same product: Apple macOS

Affected Assets

Vendor: apple · Product: macos · Version: ≤ 15.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly addresses the root cause of insufficient message validation that enables apps to gain elevated privileges by requiring robust input validation at system interfaces.

Prevent: Enforces least privilege to restrict apps from executing unauthorized elevated actions even if message validation is bypassed.

Prevent: Mandates enforcement of access control policies to block unauthorized privilege escalations resulting from invalid messages.
