Cyber Posture

CVE-2025-24178

Critical

Published: 31 March 2025

Modified: 02 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0018 (39.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-24178 is a critical-severity vulnerability of an unspecified weakness type in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 39.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and SC-39 (Process Isolation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent

Implements a reference monitor to mediate all app resource accesses, directly preventing sandbox escape vulnerabilities through robust enforcement of isolation policies.

prevent

Enforces software-based separation policies for apps, comprehensively mitigating breakout from sandboxed environments like the one exploited in this CVE.

prevent

Maintains separate execution domains for processes, countering the app sandbox escape by isolating malicious app execution from system resources.

MITRE ATT&CK Enterprise Techniques [AI]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Sandbox escape vulnerability directly enables breaking out of app isolation to access restricted system resources, mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to break out of its sandbox.

Deeper analysis [AI]

CVE-2025-24178 is a sandbox escape vulnerability in Apple operating systems, addressed through improved state management. It affects iOS prior to 18.4, iPadOS prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, and watchOS prior to 11.4. The vulnerability enables an app to break out of its sandbox, earning a CVSS v3.1 base score of 9.8 due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.

A remote, unauthenticated attacker can exploit this vulnerability over the network with no user interaction or privileges needed. Successful exploitation allows the malicious app to escape its sandboxed environment, potentially granting access to sensitive system resources, data, or capabilities beyond the app's intended isolation.

Apple's security advisories detail the fix via improved state management in the listed patched versions. Relevant updates are documented in support articles at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375, urging users to apply updates promptly to mitigate the risk.

Details

CWE(s)

Affected Products

apple ipados: ≤ 17.7.6 · 18.0 to 18.4
apple iphone os: ≤ 18.4
apple macos: ≤ 13.7.5 · 14.0 to 14.7.5 · 15.0 to 15.4
apple tvos: ≤ 18.4

CVEs Like This One

CVE-2025-24238 (Same product: Apple Ipados)
CVE-2024-54468 (Same product: Apple Ipados)
CVE-2024-54522 (Same product: Apple Ipados)
CVE-2026-20687 (Same product: Apple Ipados)
CVE-2025-24173 (Same product: Apple Ipados)
CVE-2024-54517 (Same product: Apple Ipados)
CVE-2025-24107 (Same product: Apple Ipados)
CVE-2025-30456 (Same product: Apple Ipados)
CVE-2025-43510 (Same product: Apple Ipados)
CVE-2025-24159 (Same product: Apple Ipados)

References