CVE-2025-24207
Published: 31 March 2025
Summary
CVE-2025-24207 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Cloud Storage (T1530); ranked at the 37.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations and permission restrictions to prevent apps from enabling iCloud storage features without user consent.
Applies least privilege to limit app access, blocking unauthorized enablement of iCloud storage capabilities.
Identifies, prioritizes, and remediates the specific permissions flaw via timely patching to fixed macOS versions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a permissions bypass allowing a malicious app to activate and access iCloud storage features without consent, directly enabling collection of data from cloud storage (T1530).
NVD Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to enable iCloud storage features without user consent.
Deeper analysisAI
CVE-2025-24207 is a permissions issue, classified under CWE-276 (Incorrect Default Permissions), affecting macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. Published on March 31, 2025, the vulnerability enables an app to activate iCloud storage features without user consent. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its network accessibility, low attack complexity, and lack of required privileges or user interaction.
A remote attacker with no privileges can exploit this vulnerability by leveraging a malicious app to bypass permission restrictions and enable iCloud storage. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, potentially allowing unauthorized data storage, synchronization, or manipulation via iCloud services.
Apple's security advisories confirm the issue was addressed through additional permissions restrictions, with fixes deployed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Relevant documentation is available at support.apple.com/en-us/122373, support.apple.com/en-us/122374, and support.apple.com/en-us/122375, alongside full disclosure discussions on seclists.org/fulldisclosure/2025/Apr/10 and seclists.org/fulldisclosure/2025/Apr/8. Security practitioners should prioritize patching affected systems to these versions.
Details
- CWE(s)