CVE-2025-24237
Published: 31 March 2025
Summary
CVE-2025-24237 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 27.1% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
A buffer overflow vulnerability, tracked as CVE-2025-24237 and assigned CWE-120, was addressed through improved bounds checking in multiple Apple operating systems. The issue affects iOS and iPadOS prior to 18.4, iPadOS prior to 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, visionOS prior to 2.4, and watchOS prior to 11.4. It carries a CVSS 3.1 score of 9.8.
An unauthenticated attacker can exploit the flaw over a network connection, without user interaction, to trigger the buffer overflow. Successful exploitation allows an app to cause unexpected system termination, consistent with the high confidentiality, integrity, and availability impacts reflected in the CVSS vector.
Apple security advisories at the listed support URLs detail that the vulnerability is resolved in the updated releases noted above, and organizations should apply those patches to eliminate the exposure.
The associated EPSS score rose from a low baseline to a peak of 0.0245 on 2026-04-03 before receding to the current value of 0.0072, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8967
Vulnerability details
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.
- CWE(s): CWE-120 (Classic Buffer Overflow)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A buffer overflow that is remotely exploitable over the network (AV:N, PR:N, UI:N), with potential RCE (high C/I impact) or DoS, directly enables T1190 for initial access via public-facing or network-exposed components.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly implements bounds checking on inputs to prevent buffer overflows, matching the exact fix applied in the CVE patches.
- SI-2 (Flaw Remediation): requires timely identification, reporting, and patching of flaws like this critical buffer overflow vulnerability.
- SI-16 (Memory Protection): provides memory protections such as non-executable memory and ASLR to mitigate exploitation attempts that cause system termination.