CVE-2025-24211
Published: 31 March 2025
Summary
CVE-2025-24211 is a critical-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 38.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Implements safeguards to protect system memory from corruption caused by processing maliciously crafted video files.
Requires timely remediation of the memory handling flaw through patching to the fixed OS versions.
Validates video file inputs to mitigate uncontrolled resource consumption and memory corruption from malformed files.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote memory corruption via crafted video files leading to arbitrary code execution on client systems (iOS/macOS/etc.), directly mapping to Exploitation for Client Execution.
NVD Description
This issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. Processing a maliciously crafted video file may…
more
lead to unexpected app termination or corrupt process memory.
Deeper analysisAI
CVE-2025-24211 is a high-severity vulnerability (CVSS 3.1 score of 9.8) involving inadequate memory handling in Apple's operating systems. Processing a maliciously crafted video file can lead to unexpected app termination or corrupt process memory, mapped to CWE-400 (Uncontrolled Resource Consumption). The issue affects iOS versions prior to 18.4, iPadOS prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, and visionOS prior to 2.4.
Remote attackers can exploit this vulnerability over the network (AV:N) with low attack complexity (AC:L), no required privileges (PR:N), and no user interaction (UI:N). Exploitation results in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H) within the affected process's scope (S:U), enabling outcomes such as process crashes or memory corruption that could facilitate further compromise like arbitrary code execution.
Apple's security advisories confirm the issue was addressed through improved memory handling in the specified patched versions. Mitigation requires updating affected devices to iOS 18.4 or later, iPadOS 18.4 or 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, or visionOS 2.4. Additional details are available in Apple's support pages: https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375.
Details
- CWE(s)