CVE-2025-24190
Published: 31 March 2025
Summary
CVE-2025-24190 is a critical-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 38.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the specific memory handling flaw by requiring timely application of vendor patches for affected Apple OS versions.
Implements memory safeguards such as address space layout randomization and data execution prevention to mitigate process memory corruption from malicious video files.
Enforces validation of video file inputs to detect and reject malformed content that could trigger uncontrolled resource consumption or memory corruption.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Client-side memory corruption vulnerability in video processing enables remote exploitation for arbitrary code execution (zero-click) in affected applications.
NVD Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video…
more
file may lead to unexpected app termination or corrupt process memory.
Deeper analysisAI
CVE-2025-24190 is a memory handling vulnerability affecting Apple's operating systems, including iOS prior to 18.4, iPadOS prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, visionOS prior to 2.4, and watchOS prior to 11.4. The flaw, classified under CWE-400 (Uncontrolled Resource Consumption), arises during the processing of maliciously crafted video files, potentially leading to unexpected application termination or process memory corruption. It has a CVSS v3.1 base score of 9.8, indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.
A remote attacker without privileges can exploit this vulnerability by inducing a targeted Apple device to process a specially crafted video file over the network. No user interaction is required, enabling scenarios such as delivering the file via email, messaging apps, web downloads, or streaming services. Successful exploitation could result in denial of service through app crashes or, more critically, process memory corruption that might enable arbitrary code execution, data leakage, or further system compromise within the affected app's context.
Apple's security advisories detail that the issue was addressed through improved memory handling in the specified patched versions across the affected platforms. Security practitioners should prioritize updating devices to these versions, particularly given the vulnerability's high CVSS score and remote exploitability. Relevant advisories are available at support.apple.com/en-us/122371, 122372, 122373, 122374, and 122375.
Details
- CWE(s)