Cyber Posture

CVE-2025-24139

Medium

Published: 27 January 2025

Published
27 January 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score 0.0002 6.3th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24139 is a medium-severity Out-of-bounds Write (CWE-787) vulnerability in Apple Macos. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 6.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation through patching directly eliminates the parsing vulnerability in macOS that leads to application crashes from malicious files.

SI-16 Memory Protection good match
prevent

Memory protection mechanisms such as bounds checking prevent out-of-bounds writes during file parsing that cause unexpected app terminations.

SI-10 Information Input Validation good match
prevent

Information input validation ensures maliciously crafted files are rejected or sanitized before parsing, mitigating the risk of application crashes.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

The vulnerability enables crashing a target application via malicious file parsing (out-of-bounds write leading to termination), directly mapping to application exploitation for denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, macOS Ventura 13.7.5. Parsing a maliciously crafted file may lead to an unexpected app termination.

Deeper analysisAI

CVE-2025-24139 is a vulnerability in macOS that allows parsing a maliciously crafted file to lead to an unexpected application termination. The issue, addressed through improved checks, affects macOS versions prior to Sequoia 15.3, Sonoma 14.7.3, Ventura 13.7.3, and Ventura 13.7.5. It carries a CVSS v3.1 base score of 5.5 (medium severity) and is associated with CWE-787 (out-of-bounds write), though additional CWE details are unavailable from NVD.

Exploitation requires local access with low complexity and no privileges, but user interaction is necessary to open the malicious file. A local attacker can achieve high availability impact by causing the targeted application to crash, with no effects on confidentiality or integrity and no scope change.

Apple security advisories, detailed in support pages such as https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, https://support.apple.com/en-us/122070, https://support.apple.com/en-us/122375, and http://seclists.org/fulldisclosure/2025/Apr/10, confirm mitigation via updates to the listed macOS versions.

Details

CWE(s)
NVD-CWE-noinfoCWE-787

Affected Products

apple
macos
≤ 13.7.3 · 14.0 — 14.7.3 · 15.0 — 15.3

CVEs Like This One

CVE-2025-24273Same product: Apple Macos
CVE-2026-28825Same product: Apple Macos
CVE-2025-46290Same product: Apple Macos
CVE-2024-54509Same product: Apple Macos
CVE-2025-30444Same product: Apple Macos
CVE-2025-30464Same product: Apple Macos
CVE-2025-24265Same product: Apple Macos
CVE-2025-43244Same product: Apple Macos
CVE-2026-28842Same product: Apple Macos
CVE-2026-20639Same product: Apple Macos

References