Cyber Resilience

CVE-2025-24237

Critical

Published: 31 March 2025
Modified: 02 April 2026
KEV added: not listed
Patch: available (fixed releases listed below)
CVSS v3.1: 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.0072 (72.9th percentile)
Risk priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-24237 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Apple operating systems (iOS, iPadOS, macOS, visionOS and watchOS), fixed by improved bounds checking. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 27.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

A buffer overflow vulnerability, tracked as CVE-2025-24237 and assigned CWE-120, was addressed through improved bounds checking in multiple Apple operating systems. The issue affects iOS and iPadOS prior to 18.4, iPadOS prior to 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, visionOS prior to 2.4, and watchOS prior to 11.4. It carries a CVSS 3.1 score of 9.8.

The recorded CVSS vector describes an unauthenticated network attacker triggering the overflow with no user interaction and obtaining high confidentiality, integrity and availability impact. Apple's own description of the flaw is narrower: an app may be able to cause unexpected system termination, which is a crash triggered by code already running on the device and an availability impact only. The two sources do not agree, so treat the 9.8 as the score on record rather than as evidence of a confirmed remote code execution path, and do not assume a network-reachable trigger has been demonstrated.
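The page does not identify the component that overflowed, so the following is an added illustration of the CWE-120 pattern and of what "addressed with improved bounds checking" typically means in practice; it is not Apple's code and does not reproduce the actual flaw. The record format, the 16-byte capacity and the sample messages are this example's own constructions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RECORD_MAX 16   /* capacity of the destination buffer (assumption for the example) */

struct record {
    uint8_t data[RECORD_MAX];
    size_t  len;
};

/* Constructed sample inputs, not captured from any real protocol:
   a one-byte declared length followed by that many payload bytes. */
static const uint8_t SAMPLE_OK[] = { 10, 'A','B','C','D','E','F','G','H','I','J' };
static const uint8_t SAMPLE_OVERSIZE[] =
    "\x28" "XXXXXXXXXX" "XXXXXXXXXX" "XXXXXXXXXX" "XXXXXXXXXX";   /* 0x28 = 40 payload bytes */
#define SAMPLE_OVERSIZE_LEN (sizeof SAMPLE_OVERSIZE - 1)            /* drop the string literal's NUL */

/* CWE-120 pattern: the length field is validated against the *message* (so there is
   no out-of-bounds read) but never against the *destination*, so a declared length
   above RECORD_MAX writes past out->data into whatever follows it. */
int parse_record_unchecked(const uint8_t *msg, size_t msg_len, struct record *out)
{
    if (msg_len < 1) return -1;
    size_t declared = msg[0];
    if (msg_len - 1 < declared) return -1;       /* truncated message */
    memcpy(out->data, msg + 1, declared);        /* overflows when declared > RECORD_MAX */
    out->len = declared;
    return 0;
}

/* "Improved bounds checking": the same parser with the missing destination check.
   Oversize input is rejected outright rather than silently truncated, so the
   caller never sees a half-copied record. */
int parse_record_checked(const uint8_t *msg, size_t msg_len, struct record *out)
{
    if (msg_len < 1) return -1;
    size_t declared = msg[0];
    if (msg_len - 1 < declared) return -1;       /* truncated message */
    if (declared > RECORD_MAX) return -1;        /* would not fit in out->data */
    memcpy(out->data, msg + 1, declared);
    out->len = declared;
    return 0;
}

/* Accepted payload length, or -1 if the hardened parser rejected the message. */
int checked_len(const uint8_t *msg, size_t msg_len)
{
    struct record r;
    return parse_record_checked(msg, msg_len, &r) == 0 ? (int)r.len : -1;
}

/* Same for the vulnerable parser; only safe to call with in-range input. */
int unchecked_len(const uint8_t *msg, size_t msg_len)
{
    struct record r;
    return parse_record_unchecked(msg, msg_len, &r) == 0 ? (int)r.len : -1;
}

int main(void)
{
    printf("checked, well-formed: %d\n", checked_len(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("checked, oversize:    %d\n", checked_len(SAMPLE_OVERSIZE, SAMPLE_OVERSIZE_LEN));
    printf("checked, truncated:   %d\n", checked_len(SAMPLE_OK, 5));
    /* Feeding SAMPLE_OVERSIZE to parse_record_unchecked() copies 40 bytes into a
       16-byte array. It is not called here; build with -fsanitize=address and add the
       call to see the stack-buffer-overflow report. */
    return 0;
}
```

The fix is deliberately a rejection, not a clamp: truncating to RECORD_MAX would avoid the memory corruption but leave a parser that accepts attacker-chosen lengths and returns inconsistent data, which is the kind of "improved bounds checking" that later turns into a logic bug.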

Apple's security advisories for the releases above confirm that the vulnerability is resolved in those versions; the only remediation is to update to them, so organizations should apply the patches to eliminate the exposure. Releases older than the branches Apple listed are not covered by this fix text.
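As a practical patch-status check for the fixed releases listed above, here is an added example in C (not Apple's tooling and not part of this page's original content). It compares an installed version string, such as the output of `sw_vers -productVersion` on macOS, against a fix table taken from the advisory text. The product keys (`macos`, `ios`, `ipados`, `visionos`, `watchos`) and the four-component version limit are this example's own assumptions; a product or major version with no entry is reported as unknown rather than safe, because the page states no fix for it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_COMPONENTS 4

/* Fixed releases as stated in this page's advisory text, keyed by product and
   major version. Branches not on the page (e.g. macOS 12) deliberately have no entry. */
struct fix { const char *product; long major; const char *fixed; };
static const struct fix FIXES[] = {
    { "macos",    15, "15.4"   },
    { "macos",    14, "14.7.5" },
    { "macos",    13, "13.7.5" },
    { "ios",      18, "18.4"   },
    { "ipados",   18, "18.4"   },
    { "ipados",   17, "17.7.6" },
    { "visionos",  2, "2.4"    },
    { "watchos",  11, "11.4"   },
};

/* Parse "14.7.5" into {14,7,5,0}. Returns 0 on success, -1 unless the input is
   purely dotted decimal, so "15.4 beta", "15." or "" are rejected, not misread. */
int parse_version(const char *s, long out[MAX_COMPONENTS])
{
    int n = 0;
    for (int i = 0; i < MAX_COMPONENTS; i++) out[i] = 0;
    while (*s) {
        char *end;
        if (*s < '0' || *s > '9' || n == MAX_COMPONENTS) return -1;
        out[n++] = strtol(s, &end, 10);
        s = end;
        if (*s == '.') { s++; if (*s == '\0') return -1; }   /* trailing dot */
        else if (*s != '\0') return -1;                       /* junk after a component */
    }
    return n ? 0 : -1;
}

/* -1, 0, 1 as a is below, equal to, above b; missing components count as 0, so
   "14.7" == "14.7.0" and "14.10" > "14.7.5". Returns -2 if either string is malformed. */
int version_cmp(const char *a, const char *b)
{
    long va[MAX_COMPONENTS], vb[MAX_COMPONENTS];
    if (parse_version(a, va) != 0 || parse_version(b, vb) != 0) return -2;
    for (int i = 0; i < MAX_COMPONENTS; i++)
        if (va[i] != vb[i]) return va[i] < vb[i] ? -1 : 1;
    return 0;
}

/* 1 = affected (below the fix for its branch), 0 = fixed, -1 = version does not parse
   or the product/major has no fix on this page (treat as unsupported, not as safe). */
int is_affected(const char *product, const char *version)
{
    long v[MAX_COMPONENTS];
    if (parse_version(version, v) != 0) return -1;
    for (size_t i = 0; i < sizeof FIXES / sizeof FIXES[0]; i++) {
        if (strcmp(FIXES[i].product, product) != 0 || FIXES[i].major != v[0]) continue;
        return version_cmp(version, FIXES[i].fixed) < 0 ? 1 : 0;
    }
    return -1;
}

int main(int argc, char **argv)
{
    /* Usage on a Mac: ./check macos "$(sw_vers -productVersion)" */
    if (argc != 3) {
        fprintf(stderr, "usage: %s <macos|ios|ipados|visionos|watchos> <version>\n", argv[0]);
        return 2;
    }
    int r = is_affected(argv[1], argv[2]);
    printf("%s %s: %s\n", argv[1], argv[2],
           r == 1 ? "AFFECTED, update required" :
           r == 0 ? "fixed" : "unknown branch or unparseable version");
    return r == 1 ? 1 : 0;
}
```

The comparison is numeric per component rather than a string compare, which matters for exactly the versions in this advisory: a plain strcmp would sort "14.10" before "14.7.5" and report a patched host as vulnerable.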

The EPSS score, which estimates the probability of exploitation activity in the next 30 days rather than recording confirmed exploitation, rose from a low baseline to a peak of 0.0245 on 2026-04-03 before receding to the current 0.0072. The model therefore briefly rated this CVE as more likely to be exploited roughly a year after publication; it remains unlisted in the CISA KEV catalog.


Vulnerability details

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.

CWE(s): CWE-120 Classic Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

A buffer overflow reachable over the network without privileges or user interaction (AV:N, PR:N, UI:N), with potential RCE (high C/I impact) or DoS, directly enables T1190 for initial access via public-facing or network-exposed components. This mapping rests on the CVSS vector rather than on the vendor description, which only states that an app may cause unexpected system termination; read the medium confidence accordingly.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-43428 (same product: Apple iPadOS)
CVE-2026-28858 (same product: Apple iPadOS)
CVE-2026-28959 (same product: Apple iPadOS)
CVE-2025-43520 (same product: Apple iPadOS)
CVE-2025-43359 (same product: Apple iPadOS)
CVE-2025-43347 (same product: Apple iPadOS)
CVE-2026-20677 (same product: Apple iPadOS)
CVE-2025-24154 (same product: Apple iPadOS)
CVE-2026-20626 (same product: Apple iPadOS)
CVE-2026-28944 (same product: Apple iPadOS)

Affected Assets

Apple iPadOS: before 17.7.6; 18.0 up to but not including 18.4
Apple iOS (iphone os): before 18.4
Apple macOS: 13.0 up to but not including 13.7.5; 14.0 up to but not including 14.7.5; 15.0 up to but not including 15.4
Apple visionOS: before 2.4
Apple watchOS: before 11.4 (named in the vendor fix text above, absent from the asset table)

The upper bound of each range is the fixed release itself, which is not affected.

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-10 Information Input Validation (prevent)
Directly implements bounds checking on inputs to prevent buffer overflows, matching the fix applied in the CVE patches.

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and patching of flaws such as this critical buffer overflow; for this CVE that means installing the fixed releases listed above.

SI-16 Memory Protection (prevent)
Provides memory protections such as non-executable memory and ASLR. These raise the cost of turning the overflow into code execution; they do not prevent the crash (unexpected system termination) that the vendor describes.
