CVE-2025-24201
Published: 11 March 2025
Summary
CVE-2025-24201 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Apple Ipados. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Drive-by Compromise (T1189); ranked at the 43.5th percentile by exploit likelihood (below the median); CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-16 (Memory Protection).
Deeper analysis
An out-of-bounds write vulnerability, tracked as CVE-2025-24201 and assigned CWE-787, affects multiple Apple platforms including Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, and watchOS 11.4. The flaw resides in the Web Content sandbox and was addressed through improved input validation checks. It carries a CVSS 3.1 base score of 10.0, reflecting network-exploitable conditions with no required privileges or user interaction that could result in full confidentiality, integrity, and availability impacts under a changed scope.
An attacker can deliver maliciously crafted web content to trigger the out-of-bounds write, enabling a sandbox escape that grants unauthorized actions outside the Web Content process. The issue serves as a supplementary fix for an attack vector that had already been mitigated in iOS 17.2, indicating the vulnerability could be chained with other flaws to achieve elevated code execution on affected devices.
Apple security advisories at the listed support URLs detail the affected builds and confirm that updates to the versions enumerated above remediate the issue. The advisories explicitly note that the vulnerability received a targeted fix after earlier mitigations proved insufficient for certain sophisticated attack chains.
Apple has stated it is aware of reporting that the vulnerability may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS versions prior to 17.2. The current EPSS score of 0.0021 reflects limited observed exploitation interest to date.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6302
Vulnerability details
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2,…
more
visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).
- CWE(s)
- KEV Date Added
- 13 March 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Out-of-bounds write in Safari Web Content sandbox allows malicious web content to escape sandbox with no user interaction, directly enabling drive-by compromise via crafted web content and exploitation for client execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Implements memory protection mechanisms such as bounds checking to directly prevent out-of-bounds writes from corrupting memory and enabling Web Content sandbox escape.
Enforces process isolation for Web Content processes, strengthening the sandbox to block breakout attempts even if memory corruption occurs.
Requires timely identification, testing, and installation of patches to remediate the specific out-of-bounds write flaw in Safari and Apple OS components.