CVE-2025-24228
Published: 31 March 2025
Summary
CVE-2025-24228 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 19.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-2 (Separation of System and User Functionality) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates CVE-2025-24228 by requiring timely flaw remediation through patching to the fixed macOS versions that address the buffer overflow.
Implements memory protections that counter buffer overflow vulnerabilities like CVE-2025-24228, preventing arbitrary code execution with kernel privileges.
Separates user app functionality from kernel functionality, blocking escalation to kernel privileges exploited via the buffer overflow in CVE-2025-24228.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is a local buffer overflow in macOS that allows an unprivileged app to achieve arbitrary code execution with kernel privileges, directly enabling T1068 Exploitation for Privilege Escalation.
NVD Description
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to execute arbitrary code with kernel privileges.
Deeper analysisAI
CVE-2025-24228 is a buffer overflow vulnerability addressed by improved memory handling in macOS. It affects macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. Published on 2025-03-31, the issue is linked to CWE-125 (Out-of-bounds Read) and carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A local attacker can exploit this vulnerability through an app, requiring low complexity and user interaction but no special privileges. Successful exploitation enables the app to execute arbitrary code with kernel privileges, potentially leading to high impacts on confidentiality, integrity, and availability.
Apple security advisories confirm the issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Mitigation involves updating affected systems to these or later versions, as detailed in support documents at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, and Full Disclosure mailing list entries at http://seclists.org/fulldisclosure/2025/Apr/10 and http://seclists.org/fulldisclosure/2025/Apr/8.
Details
- CWE(s)