Cyber Resilience

CVE-2025-24190

CriticalDDoS

Published: 31 March 2025

Published
31 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0019 40.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24190 is a critical-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 40.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-24190 is a memory handling vulnerability affecting Apple's operating systems, including iOS prior to 18.4, iPadOS prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, visionOS prior to 2.4, and watchOS prior to 11.4. The flaw, classified under CWE-400 (Uncontrolled Resource Consumption), arises during the processing of maliciously crafted video files, potentially leading to unexpected application termination or process memory corruption. It has a CVSS v3.1 base score of 9.8, indicating critical severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and high impacts on confidentiality, integrity, and availability.

A remote attacker without privileges can exploit this vulnerability by inducing a targeted Apple device to process a specially crafted video file over the network. No user interaction is required, enabling scenarios such as delivering the file via email, messaging apps, web downloads, or streaming services. Successful exploitation could result in denial of service through app crashes or, more critically, process memory corruption that might enable arbitrary code execution, data leakage, or further system compromise within the affected app's context.

Apple's security advisories detail that the issue was addressed through improved memory handling in the specified patched versions across the affected platforms. Security practitioners should prioritize updating devices to these versions, particularly given the vulnerability's high CVSS score and remote exploitability. Relevant advisories are available at support.apple.com/en-us/122371, 122372, 122373, 122374, and 122375.

EU & UK References

Vulnerability details

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted video…

more

file may lead to unexpected app termination or corrupt process memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Client-side memory corruption vulnerability in video processing enables remote exploitation for arbitrary code execution (zero-click) in affected applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24211Same product: Apple Ipados
CVE-2026-28905Same product: Apple Ipados
CVE-2025-24230Same product: Apple Ipados
CVE-2026-28940Same product: Apple Ipados
CVE-2026-20650Same product: Apple Ipados
CVE-2025-24126Same product: Apple Ipados
CVE-2025-43186Same product: Apple Ipados
CVE-2025-43234Same product: Apple Ipados
CVE-2025-24137Same product: Apple Ipados
CVE-2025-24264Same product: Apple Ipados

Affected Assets

apple
ipados
≤ 17.7.6 · 18.0 — 18.4
apple
iphone os
≤ 18.4
apple
macos
13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4
apple
tvos
all versions · ≤ 18.4
apple
visionos
≤ 2.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the specific memory handling flaw by requiring timely application of vendor patches for affected Apple OS versions.

prevent

Implements memory safeguards such as address space layout randomization and data execution prevention to mitigate process memory corruption from malicious video files.

prevent

Enforces validation of video file inputs to detect and reject malformed content that could trigger uncontrolled resource consumption or memory corruption.

References