Cyber Resilience

CVE-2025-24207

Critical

Published: 31 March 2025

Published
31 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0018 39.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24207 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Cloud Storage (T1530); ranked at the 39.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-24207 is a permissions issue, classified under CWE-276 (Incorrect Default Permissions), affecting macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. Published on March 31, 2025, the vulnerability enables an app to activate iCloud storage features without user consent. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.

A remote attacker with no privileges can exploit this vulnerability by leveraging a malicious app to bypass permission restrictions and enable iCloud storage. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially allowing unauthorized data storage, synchronization, or manipulation via iCloud services.

Apple's security advisories confirm the issue was addressed through additional permissions restrictions, with fixes deployed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Relevant documentation is available at support.apple.com/en-us/122373, support.apple.com/en-us/122374, and support.apple.com/en-us/122375, alongside full disclosure discussions on seclists.org/fulldisclosure/2025/Apr/10 and seclists.org/fulldisclosure/2025/Apr/8. Security practitioners should prioritize patching affected systems to these versions.

EU & UK References

Vulnerability details

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to enable iCloud storage features without user consent.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1530 Data from Cloud Storage Collection
Adversaries may access data from cloud storage.
Why these techniques?

The vulnerability is a permissions bypass allowing a malicious app to activate and access iCloud storage features without consent, directly enabling collection of data from cloud storage (T1530).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24176Same product: Apple Macos
CVE-2025-24135Same product: Apple Macos
CVE-2025-24267Same product: Apple Macos
CVE-2025-24170Same product: Apple Macos
CVE-2025-24093Same product: Apple Macos
CVE-2025-24195Same product: Apple Macos
CVE-2025-24172Same product: Apple Macos
CVE-2025-24277Same product: Apple Macos
CVE-2025-24234Same product: Apple Macos
CVE-2025-24232Same product: Apple Macos

Affected Assets

apple
macos
13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations and permission restrictions to prevent apps from enabling iCloud storage features without user consent.

prevent

Applies least privilege to limit app access, blocking unauthorized enablement of iCloud storage capabilities.

prevent

Identifies, prioritizes, and remediates the specific permissions flaw via timely patching to fixed macOS versions.

References