CVE-2025-24233

Critical

Published: 31 March 2025

Published

31 March 2025

Modified

02 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0015 35.3th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24233 is a critical-severity Incorrect Authorization (CWE-863) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 35.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-11 (User-installed Software).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and patching of the macOS permissions flaw, directly addressing the root cause of the vulnerability.

AC-3 Access Enforcement good match

prevent

Enforces approved authorizations for access to protected files, preventing malicious apps from reading or writing to them.

CM-11 User-installed Software good match

prevent

Prohibits or restricts user-installed software, blocking the installation and execution of malicious apps that exploit the permissions issue.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1565.001 Stored Data Manipulation Impact

Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.

attack.mitre.org →

T1485 Data Destruction Impact

Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources.

attack.mitre.org →

Why these techniques?

Vulnerability directly enables unauthorized read access to protected files (T1005 Data from Local System) and write access facilitating tampering (T1565.001 Stored Data Manipulation) or destruction (T1485 Data Destruction) of system/user data.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to read or write to protected files.

Deeper analysisAI

CVE-2025-24233 is a permissions issue, classified under CWE-863 (Incorrect Authorization), that was addressed through additional restrictions in Apple macOS. The vulnerability affects macOS Sequoia versions prior to 15.4, macOS Sonoma versions prior to 14.7.5, and macOS Ventura versions prior to 13.7.5. It enables a malicious app to bypass intended protections and read or write to protected files, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to high impacts on confidentiality, integrity, and availability.

The vulnerability can be exploited by an attacker with network access who delivers a malicious app to the target system, requiring no special privileges or user interaction beyond the app's installation. Once running, the app can access and modify protected files, potentially leading to unauthorized data exfiltration, tampering with system or user data, or disruption of services.

Apple security advisories detail the fix via additional permissions restrictions in the specified macOS updates (macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5). Practitioners should prioritize patching affected systems, as referenced in Apple's support documentation and full disclosure notices.

Details

CWE(s): CWE-863

Affected Products

apple

macos

13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

CVEs Like This One

CVE-2024-44305Same product: Apple Macos

CVE-2025-24246Same product: Apple Macos

CVE-2025-24229Same product: Apple Macos

CVE-2025-24181Same product: Apple Macos

CVE-2025-24103Same product: Apple Macos

CVE-2025-24146Same product: Apple Macos

CVE-2026-28837Same product: Apple Macos

CVE-2025-30424Same product: Apple Macos

CVE-2024-54557Same product: Apple Macos

CVE-2025-24263Same product: Apple Macos

References

https://support.apple.com/en-us/122373
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122374
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122375
Vendor Advisory · product-security@apple.com
http://seclists.org/fulldisclosure/2025/Apr/10
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/8
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/9
af854a3a-2127-422b-91ae-364da2661108