CVE-2025-24196
Published: 31 March 2025
Summary
CVE-2025-24196 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Apple macOS. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). It ranks at the 26.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly requires timely identification, reporting, and correction of the type confusion flaw enabling kernel memory disclosure via patching to fixed macOS versions.
Implements memory protection mechanisms that comprehensively address improper memory handling and prevent unauthorized kernel memory reads from type confusion exploits.
Ensures receipt and implementation of security advisories from Apple regarding this CVE, facilitating rapid flaw remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Kernel memory disclosure via type confusion/out-of-bounds read enables exploitation for privilege escalation (T1068) to kernel access and credential access (T1212) by leaking sensitive kernel data.
NVD Description
A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with user privileges may be able to read kernel memory.
Deeper analysis
CVE-2025-24196 is a type confusion vulnerability stemming from improper memory handling, addressed by Apple through enhanced memory management checks. It affects macOS Sequoia versions prior to 15.4 and macOS Sonoma versions prior to 14.7.5. Mapped to CWE-125 (Out-of-bounds Read), the flaw enables potential kernel memory disclosure and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
According to the CVSS vector, an attacker with user privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L) and without user interaction (UI:N). Exploitation allows high-impact confidentiality violations, such as reading sensitive kernel memory, alongside high integrity and availability impact as indicated by the CVSS metrics.
Apple's security advisories, available at support.apple.com/en-us/122373 and support.apple.com/en-us/122374, confirm the issue is fixed in macOS Sequoia 15.4 and macOS Sonoma 14.7.5. Mitigation requires updating affected systems to these patched versions, with additional details discussed in Full Disclosure mailing list posts from seclists.org/fulldisclosure/2025/Apr/8 and seclists.org/fulldisclosure/2025/Apr/9.
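A fleet-triage sketch for the remediation step above, added here as an example and not taken from Apple or from the advisories: it compares reported macOS versions against the two fixed releases named on this page. The host names and inventory are constructed, and the function names are hypothetical.

```python
# Fixed releases stated on this page, keyed by macOS major version.
FIXED = {15: (15, 4), 14: (14, 7, 5)}  # Sequoia 15.4, Sonoma 14.7.5


def parse_version(text):
    """Turn '14.7.5' into (14, 7, 5). Raises ValueError on malformed input."""
    return tuple(int(part) for part in text.strip().split("."))


def pad(version, width=3):
    """Right-pad with zeros so that (15, 4) compares equal to (15, 4, 0)."""
    return version + (0,) * (width - len(version))


def status(version_text):
    """Classify one host's macOS version against the fixed releases."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The page names no fixed release for this major version.
        return "not-listed"
    return "patched" if pad(version) >= pad(fixed) else "vulnerable"


def triage(inventory):
    """Map each status to the sorted list of hosts that fall under it."""
    result = {}
    for host, version_text in inventory.items():
        result.setdefault(status(version_text), []).append(host)
    return {key: sorted(hosts) for key, hosts in result.items()}


# Constructed sample inventory (host name -> version as reported by `sw_vers`).
SAMPLE_INVENTORY = {
    "mac-build-01": "15.3.2",
    "mac-build-02": "15.4",
    "mac-design-07": "14.7.4",
    "mac-design-08": "14.7.5",
    "mac-lab-03": "13.7.5",
    "mac-lab-04": "unknown",
}

if __name__ == "__main__":
    for state, hosts in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{state}: {', '.join(hosts)}")
```

Hosts reported as `not-listed` or `unparseable` need manual review, since the page gives fixed versions only for the Sequoia and Sonoma lines.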
Details
- CWE(s)