CVE-2025-24169
Published: 27 January 2025
Summary
CVE-2025-24169 is a high-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Apple Safari. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Extensions (T1176.001). The CVE ranks at the 13.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AU-3 (Content of Audit Records) and AU-13 (Monitoring for Information Disclosure).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Defines audit record content to exclude or redact sensitive authentication data, directly preventing insertion of exploitable information into log files as in CWE-532.
Protects audit information from unauthorized access by malicious apps, mitigating exploitation of unredacted sensitive data in logs.
Monitors audit records for indicators of sensitive information disclosure, enabling detection of logging flaws that leak browser extension authentication data.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
Vulnerability directly enables bypass of browser extension authentication via logging flaw, facilitating abuse of browser extensions.
NVD Description
A logging issue was addressed with improved data redaction. This issue is fixed in Safari 18.3, macOS Sequoia 15.3. A malicious app may be able to bypass browser extension authentication.
Deeper analysis (AI)
CVE-2025-24169 is a logging issue addressed through improved data redaction, affecting Safari on macOS Sequoia. The vulnerability enables a malicious app to bypass browser extension authentication. It impacts versions of Safari and macOS Sequoia prior to Safari 18.3 and macOS Sequoia 15.3, and is associated with CWE-532 (Insertion of Sensitive Information into Log File) and NVD-CWE-Other.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating network-based exploitation with low attack complexity, no required privileges or user interaction, and unchanged scope. A remote attacker deploying a malicious app can achieve high integrity impact by bypassing authentication for browser extensions, potentially allowing unauthorized access or control over extension functionality.
Apple security advisories confirm the issue was fixed in Safari 18.3 and macOS Sequoia 15.3. Mitigation involves updating to these patched versions. Additional details are available in Apple's support pages at https://support.apple.com/en-us/122068 and https://support.apple.com/en-us/122074, along with full disclosures on seclists.org at http://seclists.org/fulldisclosure/2025/Jan/15 and http://seclists.org/fulldisclosure/2025/Jan/20.
Details
- CWE(s)