Cyber Resilience

CVE-2025-24170

High

Published: 31 March 2025

Published
31 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 10.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24170 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-24170 is a logic issue in file handling that affects macOS Sonoma prior to version 14.7.5 and macOS Ventura prior to version 13.7.5. Classified under CWE-276 (Incorrect Default Permissions), the vulnerability enables an app to gain root privileges. It received a CVSS v3.1 base score of 7.8 (High), reflecting its potential severity in privilege escalation scenarios. The issue was published on 2025-03-31.

The attack requires local access (AV:L) with low complexity (AC:L), no prior privileges (PR:N), and user interaction (UI:R), with no change in scope (S:U). A local attacker could exploit this by tricking a user into interacting with a malicious app, achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), ultimately resulting in root privilege escalation.

Apple mitigated the vulnerability through improved file handling in macOS Sonoma 14.7.5 and macOS Ventura 13.7.5. Practitioners should apply these updates promptly. Further details appear in Apple's security content at https://support.apple.com/en-us/122374 and https://support.apple.com/en-us/122375, as well as Full Disclosure mailing list posts at http://seclists.org/fulldisclosure/2025/Apr/10 and http://seclists.org/fulldisclosure/2025/Apr/9.

EU & UK References

Vulnerability details

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a local privilege escalation vulnerability (CWE-276 incorrect default permissions in file handling) that allows a malicious app to gain root access on macOS, directly enabling T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24176Same product: Apple Macos
CVE-2025-24267Same product: Apple Macos
CVE-2025-24195Same product: Apple Macos
CVE-2025-24277Same product: Apple Macos
CVE-2025-24234Same product: Apple Macos
CVE-2025-24135Same product: Apple Macos
CVE-2024-54509Same product: Apple Macos
CVE-2026-20658Same product: Apple Macos
CVE-2025-24255Same product: Apple Macos
CVE-2025-30449Same product: Apple Macos

Affected Assets

apple
macos
≤ 13.7.5 · 14.0 — 14.7.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the file handling logic flaw by requiring timely identification, reporting, and remediation through patches like macOS Sonoma 14.7.5 and Ventura 13.7.5.

prevent

Restricts or controls user-installed software, preventing malicious apps from being installed and executed to exploit the privilege escalation vulnerability.

prevent

Enforces least privilege for processes and users, limiting the scope and impact of root privilege escalation resulting from the incorrect default permissions.

References