Cyber Posture

CVE-2025-24229

High

Published: 31 March 2025

Published
31 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0014 33.1th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24229 is a high-severity Improper Access Control (CWE-284) vulnerability in Apple Macos. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 33.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations to prevent sandboxed apps from bypassing logic checks and accessing sensitive user data.

SC-39 Process Isolation good match
prevent

Isolates sandboxed application processes to block unauthorized access to sensitive user data outside intended boundaries.

AC-25 Reference Monitor good match
prevent

Implements a reference monitor to mediate and enforce access control policies, addressing the logic flaw in sandbox checks.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

The vulnerability is an improper access control issue (CWE-284) that directly enables a sandboxed app to bypass restrictions and access sensitive user data on the local system, mapping to T1005 Data from Local System.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A sandboxed app may be able to access sensitive user data.

Deeper analysisAI

CVE-2025-24229 is a logic issue in macOS that was addressed through improved checks, enabling a sandboxed app to access sensitive user data. The vulnerability affects macOS versions prior to Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. It is classified under CWE-284 (Improper Access Control) with a CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N), indicating high confidentiality and integrity impacts without affecting availability.

A remote attacker with no privileges required can exploit this vulnerability over the network, though it demands high attack complexity and no user interaction. Successful exploitation allows the sandboxed app to bypass intended restrictions, granting access to sensitive user data and potentially enabling unauthorized modifications due to the high integrity impact.

Apple's security advisories detail the fix via improved checks in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5, recommending users update to these patched versions for mitigation. Additional details are available in the referenced support pages and full disclosure lists.

Details

CWE(s)
CWE-284

Affected Products

apple
macos
13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

CVEs Like This One

CVE-2026-28837Same product: Apple Macos
CVE-2025-30460Same product: Apple Macos
CVE-2025-43198Same product: Apple Macos
CVE-2025-24241Same product: Apple Macos
CVE-2025-24246Same product: Apple Macos
CVE-2025-24181Same product: Apple Macos
CVE-2026-20622Same product: Apple Macos
CVE-2025-30462Same product: Apple Macos
CVE-2025-24103Same product: Apple Macos
CVE-2025-43192Same product: Apple Macos

References