Cyber Posture

CVE-2025-24234

High

Published: 31 March 2025

Published
31 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0004 11.4th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24234 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 11.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates the vulnerability by requiring timely flaw remediation through patching to the fixed macOS versions that remove the vulnerable code.

AC-6 Least Privilege good match
prevent

Enforces least privilege to prevent malicious apps from escalating to root privileges even if a permission flaw exists.

SI-3 Malicious Code Protection good match
preventdetect

Deploys malicious code protection mechanisms to identify and block execution of the malicious app required to exploit the vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Vulnerability allows malicious app to escalate to root privileges via incorrect default permissions on macOS, directly enabling exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to gain root privileges.

Deeper analysisAI

CVE-2025-24234 is a vulnerability in macOS that allows a malicious app to gain root privileges, classified under CWE-276 (Incorrect Default Permissions). It affects macOS versions prior to the patched releases, specifically macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. The issue was addressed by Apple through the removal of the vulnerable code.

The vulnerability has a CVSS v3.1 base score of 7.8 (High), with a local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and user interaction required (UI:R). An attacker can exploit it by tricking a user into running a malicious application on the target system, potentially achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) by escalating to root privileges.

Apple's security advisories detail that the vulnerability was fixed in the specified macOS updates by removing the vulnerable code. Relevant documentation is available at support.apple.com/en-us/122373, support.apple.com/en-us/122374, and support.apple.com/en-us/122375, with additional full disclosure discussions on seclists.org/fulldisclosure/2025/Apr/10 and seclists.org/fulldisclosure/2025/Apr/8. Security practitioners should ensure systems are updated to the patched versions to mitigate the risk.

Details

CWE(s)
CWE-276

Affected Products

apple
macos
13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

CVEs Like This One

CVE-2025-24267Same product: Apple Macos
CVE-2025-24277Same product: Apple Macos
CVE-2025-24170Same product: Apple Macos
CVE-2025-24195Same product: Apple Macos
CVE-2025-24176Same product: Apple Macos
CVE-2025-24135Same product: Apple Macos
CVE-2026-28817Same product: Apple Macos
CVE-2025-24255Same product: Apple Macos
CVE-2025-24228Same product: Apple Macos
CVE-2026-20658Same product: Apple Macos

References