CVE-2025-24181
Published: 31 March 2025
Summary
CVE-2025-24181 is a critical-severity Missing Authorization (CWE-862) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations for access to protected user data, directly preventing apps from bypassing macOS permissions restrictions.
Employs least privilege to restrict app access to only necessary protected user data, mitigating unauthorized access via permissions flaws.
Implements a reference monitor to mediate and enforce access control decisions on system resources, countering the missing authorization in this CVE.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The missing authorization vulnerability directly allows a malicious app to bypass restrictions and access protected user data on the local system, facilitating data collection from local sources.
NVD Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.
Deeper analysisAI
CVE-2025-24181 is a permissions issue, classified under CWE-862 (Missing Authorization), that allows an app to access protected user data on affected macOS systems. The vulnerability affects macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. It received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability. The issue was published on 2025-03-31.
Attackers can exploit this vulnerability remotely over the network without privileges or user interaction by leveraging a malicious app. Successful exploitation enables the app to bypass restrictions and access sensitive protected user data, potentially leading to unauthorized disclosure, modification, or disruption of system resources as reflected in the high CVSS impact metrics.
Apple security advisories detail the fix through additional permissions restrictions in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Relevant updates are documented in support articles at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375, with further discussion in Full Disclosure mailing list posts at http://seclists.org/fulldisclosure/2025/Apr/10 and http://seclists.org/fulldisclosure/2025/Apr/8. Practitioners should prioritize updating affected systems to mitigate the risk.
Details
- CWE(s)