CVE-2025-24159

High

Published: 27 January 2025

Published

27 January 2025

Modified

02 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0005 14.4th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24159 is a high-severity Code Injection (CWE-94) vulnerability in Apple Ipados. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 14.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the validation issue enabling code injection by requiring organizations to validate inputs to applications and system processes.

SI-2 Flaw Remediation good match

prevent

Mandates timely flaw remediation through patching, aligning with Apple's release of fixed OS versions to eliminate the kernel privilege escalation vulnerability.

AC-25 Reference Monitor good match

prevent

Enforces a reference monitor to mediate all access attempts, preventing an exploited app from executing arbitrary code with kernel privileges.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability is a local code injection flaw (CWE-94) that allows an unprivileged app to execute arbitrary code with kernel privileges on Apple platforms, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A validation issue was addressed with improved logic. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to execute arbitrary…

code with kernel privileges.

Deeper analysisAI

CVE-2025-24159 is a validation issue addressed through improved logic in multiple Apple operating systems, enabling an app to execute arbitrary code with kernel privileges. The vulnerability affects iOS prior to version 18.3, iPadOS prior to 18.3 or 17.7.4, macOS Sequoia prior to 15.3, macOS Sonoma prior to 14.7.3, tvOS prior to 18.3, visionOS prior to 2.3, and watchOS prior to 11.3. It has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-94 (code injection), though NVD provides no additional CWE details.

Exploitation requires a local attacker with low-complexity access and no privileges, but user interaction is necessary. Successful exploitation grants kernel-level code execution, resulting in high impacts to confidentiality, integrity, and availability, potentially allowing full system compromise on affected devices.

Apple security advisories recommend updating to the fixed versions: iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, or watchOS 11.3. Detailed patch information is available in the referenced support articles at https://support.apple.com/en-us/122066, https://support.apple.com/en-us/122067, https://support.apple.com/en-us/122068, https://support.apple.com/en-us/122069, and https://support.apple.com/en-us/122071.

Details

CWE(s): NVD-CWE-noinfo CWE-94

Affected Products

apple

ipados

≤ 17.7.4 · 18.0 — 18.3

apple

iphone os

≤ 18.3

apple

macos

≤ 14.7.3 · 15.0 — 15.3

apple

tvos

≤ 18.3

apple

visionos

≤ 2.3

apple

watchos

≤ 11.3

CVEs Like This One

CVE-2025-43510Same product: Apple Ipados

CVE-2026-20700Same product: Apple Ipados

CVE-2026-20628Same product: Apple Ipados

CVE-2025-43520Same product: Apple Ipados

CVE-2024-27859Same product: Apple Ipados

CVE-2025-24085Same product: Apple Ipados

CVE-2026-20698Same product: Apple Ipados

CVE-2024-27856Same product: Apple Ipados

CVE-2024-54468Same product: Apple Ipados

CVE-2024-54522Same product: Apple Ipados

References

https://support.apple.com/en-us/122066
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122067
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122068
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122069
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122071
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122072
Release Notes, Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122073
Release Notes, Vendor Advisory · product-security@apple.com
http://seclists.org/fulldisclosure/2025/Jan/13
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jan/14
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jan/15
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jan/16
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jan/18
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Jan/19
af854a3a-2127-422b-91ae-364da2661108