Cyber Posture

CVE-2025-24204

Critical

Published: 31 March 2025

Published
31 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 36.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24204 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 36.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

AC-3 enforces approved authorizations for access to protected user data, directly countering the insufficient checks that allowed unauthorized app access in CVE-2025-24204.

SI-2 Flaw Remediation good match
prevent

SI-2 requires timely flaw remediation through patching to macOS Sequoia 15.4, which fixes the vulnerability with improved checks.

AC-6 Least Privilege partial match
prevent

AC-6 least privilege restricts apps to only necessary access rights, reducing the risk of unauthorized access to protected user data if enforcement checks fail.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

The vulnerability allows a malicious app to access protected user data on the local system due to insufficient checks, directly enabling T1005 Data from Local System for unauthorized collection of sensitive information.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

Deeper analysisAI

CVE-2025-24204 is a vulnerability affecting macOS Sequoia versions prior to 15.4, where an app may be able to access protected user data. The issue stems from insufficient checks and is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.

Attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no user privileges or interaction and without changing the scope of impact. A malicious app could leverage this flaw to read sensitive user data, potentially leading to unauthorized disclosure, modification, or disruption of system resources.

Apple addressed the vulnerability with improved checks in macOS Sequoia 15.4. Security practitioners should advise users to update to this version immediately. Additional details are available in Apple's security advisory at https://support.apple.com/en-us/122373 and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Apr/8.

Details

CWE(s)
CWE-200

Affected Products

apple
macos
≤ 15.4

CVEs Like This One

CVE-2025-24246Same product: Apple Macos
CVE-2025-24146Same product: Apple Macos
CVE-2025-30424Same product: Apple Macos
CVE-2025-24263Same product: Apple Macos
CVE-2025-24109Same product: Apple Macos
CVE-2025-24253Same product: Apple Macos
CVE-2025-24232Same product: Apple Macos
CVE-2025-43189Same product: Apple Macos
CVE-2025-24229Same product: Apple Macos
CVE-2025-24181Same product: Apple Macos

References