CVE-2025-24169

Severity: High
Published: 27 January 2025
Modified: 02 April 2026
KEV: not listed
Patch: available (Safari 18.3, macOS Sequoia 15.3)
CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS: 0.0004 (14.0th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-24169 is a high-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Apple Safari, with a CVSS v3.1 base score of 7.5 (High).

Exploitation maps to the MITRE ATT&CK technique Browser Extensions (T1176.001). EPSS places it at the 14.0th percentile for exploit likelihood (below the median), and it is not listed in the CISA KEV catalog.

The strongest mitigating controls identified for it are NIST SP 800-53 AU-3 (Content of Audit Records) and AU-13 (Monitoring for Information Disclosure).

Deeper analysis

CVE-2025-24169 is a logging issue in Safari on macOS Sequoia that Apple addressed with improved data redaction. The stated impact is that a malicious app may be able to bypass browser extension authentication; taken together with the CWE-532 classification and the nature of the fix, this means the pre-patch build wrote something to a log that another app on the machine could read and use to pass as an authenticated extension. Safari releases before 18.3 and macOS Sequoia releases before 15.3 are affected. The issue is classified as CWE-532 (Insertion of Sensitive Information into Log File) and NVD-CWE-Other.

NVD scores the vulnerability at CVSS v3.1 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N): network attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and a high integrity impact with no confidentiality or availability impact. Read the vector alongside Apple's description rather than literally: the stated precondition is a malicious app, so an attacker first needs code running on the Mac before the logged data can be turned into an extension-authentication bypass. The high integrity impact reflects that such a bypass could give that app control over extension functionality it is not entitled to.

Apple's security advisories confirm the issue was fixed in Safari 18.3 and macOS Sequoia 15.3, and the mitigation is to update to those versions or later. Details are in Apple's support pages at https://support.apple.com/en-us/122068 and https://support.apple.com/en-us/122074, and in the corresponding Full Disclosure list posts at http://seclists.org/fulldisclosure/2025/Jan/15 and http://seclists.org/fulldisclosure/2025/Jan/20.
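As an added example (written for this page, not Apple's tooling), the following decides whether a given Safari or macOS version still falls in the affected range and, on a Mac, reads the installed versions via `sw_vers` and the Safari bundle's Info.plist. The fixed-in versions come from the advisory text above; the Safari application path is an assumption. The comparison is numeric on version components, because a lexical compare would call 18.10 older than 18.9.

```python
"""Patch-state check for CVE-2025-24169 (added example, not Apple's code)."""
import platform
import subprocess

# Fixed-in releases from the Apple advisory quoted on this page.
FIXED_IN = {"safari": (18, 3), "macos": (15, 3)}


def parse_version(s: str) -> tuple:
    """'18.3.1' -> (18, 3, 1); tolerates a trailing build tag such as '15.3 (24D60)'."""
    core = s.strip().split()[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())


def is_affected(product: str, version: str) -> bool:
    """Affected means strictly below the fixed-in release; 18.3 / 15.3 themselves are patched."""
    return parse_version(version) < FIXED_IN[product]


def local_versions() -> dict:
    """Query the running Mac; returns {} on other platforms.
    Assumes Safari is installed at /Applications/Safari.app (assumption, not from the advisory)."""
    if platform.system() != "Darwin":
        return {}
    macos = subprocess.run(
        ["sw_vers", "-productVersion"], capture_output=True, text=True, check=True
    ).stdout
    safari = subprocess.run(
        ["defaults", "read", "/Applications/Safari.app/Contents/Info.plist",
         "CFBundleShortVersionString"],
        capture_output=True, text=True, check=True,
    ).stdout
    return {"macos": macos.strip(), "safari": safari.strip()}


def report(versions: dict) -> dict:
    """Map each product to 'AFFECTED' or 'patched'."""
    return {p: ("AFFECTED" if is_affected(p, v) else "patched") for p, v in versions.items()}


if __name__ == "__main__":
    # Falls back to constructed sample versions when not run on macOS.
    print(report(local_versions() or {"safari": "18.2.1", "macos": "15.3"}))
```

Run it on the host you are checking; off-macOS it prints the result for the constructed sample versions so the boundary behaviour can be seen.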

Vulnerability details

A logging issue was addressed with improved data redaction. This issue is fixed in Safari 18.3, macOS Sequoia 15.3. A malicious app may be able to bypass browser extension authentication.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1176.001 Browser Extensions (sub-technique of T1176 Software Extensions; tactic: Persistence)
Adversaries may abuse internet browser extensions to establish persistent access to victim systems.
Why these techniques?

The vulnerability lets a malicious app bypass browser extension authentication through a logging flaw, which in turn facilitates abuse of browser extensions.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-28923 (same product: Apple macOS)
CVE-2026-28987 (same product: Apple macOS)
CVE-2025-24232 (same product: Apple macOS)
CVE-2024-54509 (same product: Apple macOS)
CVE-2025-24176 (same product: Apple macOS)
CVE-2025-31194 (same product: Apple macOS)
CVE-2025-24103 (same product: Apple macOS)
CVE-2025-24265 (same product: Apple macOS)
CVE-2025-24135 (same product: Apple macOS)
CVE-2024-44286 (same product: Apple macOS)

Affected Assets

apple safari: versions before 18.3 (fixed in 18.3)
apple macos: versions before 15.3 (fixed in macOS Sequoia 15.3)

Mitigating Controls (NIST 800-53 r5)

AU-3 Content of Audit Records (prevent)

Defines audit record content to exclude or redact sensitive authentication data, directly preventing insertion of exploitable information into log files as in CWE-532.

AU-9 Protection of Audit Information (prevent)

Protects audit information from unauthorized access by malicious apps, mitigating exploitation of unredacted sensitive data in logs.

AU-13 Monitoring for Information Disclosure (detect)

Monitors audit records for indicators of sensitive information disclosure, enabling detection of logging flaws that leak browser extension authentication data.
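The following is an added example (written for this page, not Apple's or Safari's code) of the preventive and detective behaviours the controls above describe, and of the data-redaction class of fix Apple applied to this CVE: a logging path that replaces credential-bearing fields before the record is written, and a scanner that flags lines where a secret still reached the log. The log format, the field names in SENSITIVE_KEYS, the sample event and the fingerprint scheme are all constructed for illustration; Safari's actual log format and the specific data it leaked are not given on this page.

```python
"""Log redaction and leak detection for CWE-532 style flaws (added example)."""
import hashlib
import json
import re

# Field names whose values must never be written verbatim. Assumed list for
# the example; a real deployment derives it from its own event schema.
SENSITIVE_KEYS = {"api_key", "password", "secret", "session_id", "token"}

# Free-text patterns: "Bearer <token>" and key=value / "key": "value" pairs
# whose key is sensitive. The value group stops at whitespace, quotes or
# separators so the surrounding text survives redaction.
BEARER_RE = re.compile(r"(?i)(bearer\s+)([A-Za-z0-9\-._~+/]+=*)")
KV_RE = re.compile(
    r"(?i)\b(" + "|".join(map(re.escape, sorted(SENSITIVE_KEYS))) + r")\b"
    + r"[\"']?\s*[=:]\s*[\"']?([^\s,;\"']+)"
)

REDACTED_PREFIX = "<redacted:"


def fingerprint(value: str) -> str:
    """Short one-way handle so two log lines about the same credential still correlate."""
    return hashlib.sha256(value.encode()).hexdigest()[:8]


def redact_value(value: str) -> str:
    return f"{REDACTED_PREFIX}{fingerprint(value)}>"


def redact_record(record: dict) -> dict:
    """Structured path: return a copy with sensitive values replaced, recursing into nested objects."""
    out = {}
    for key, val in record.items():
        if key.lower() in SENSITIVE_KEYS and isinstance(val, str):
            out[key] = redact_value(val)
        elif isinstance(val, dict):
            out[key] = redact_record(val)
        elif isinstance(val, list):
            out[key] = [redact_record(v) if isinstance(v, dict) else v for v in val]
        else:
            out[key] = val
    return out


def redact_message(msg: str) -> str:
    """Free-text path: scrub bearer tokens and sensitive key/value pairs, keeping key and separator."""
    msg = BEARER_RE.sub(lambda m: m.group(1) + redact_value(m.group(2)), msg)
    return KV_RE.sub(
        lambda m: m.group(0)[: m.start(2) - m.start()] + redact_value(m.group(2)), msg
    )


def vulnerable_log_line(event: dict) -> str:
    """The CWE-532 pattern: serialise the whole event, credential included."""
    return json.dumps(event, sort_keys=True)


def safe_log_line(event: dict) -> str:
    """The fixed pattern: redact before the record is serialised, not after it is written."""
    return json.dumps(redact_record(event), sort_keys=True)


def find_leaks(lines) -> list:
    """Detection side: (line number, key) for every sensitive value still in clear."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in KV_RE.finditer(line):
            if not m.group(2).startswith(REDACTED_PREFIX):
                hits.append((n, m.group(1).lower()))
        for m in BEARER_RE.finditer(line):
            if not m.group(2).startswith(REDACTED_PREFIX):
                hits.append((n, "bearer"))
    return hits


# Constructed sample event for a hypothetical extension-authentication step;
# field names and token value are invented, not Safari's real format.
SAMPLE_EVENT = {
    "event": "extension_auth",
    "extension_id": "com.example.helper",
    "token": "eyJhbGciOiJIUzI1NiJ9.c2FtcGxl.c2ln",
    "context": {"session_id": "9f1c2e7a44b0", "user": "alice"},
}

if __name__ == "__main__":
    before, after = vulnerable_log_line(SAMPLE_EVENT), safe_log_line(SAMPLE_EVENT)
    print(before)
    print(after)
    print(find_leaks([before, after]))
```

The design point is that redaction happens on the structured record before serialisation, so it cannot be bypassed by a formatting path that forgot to call it; the free-text scrubber and the scanner are the safety net for log lines that are assembled by hand. The fingerprint keeps correlation possible without making the value recoverable, which is the trade-off AU-3 content decisions usually come down to.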
