Cyber Posture

CVE-2025-24237

Severity: Critical
Published: 31 March 2025
Modified: 02 April 2026
KEV Added: not listed
Patch: fixed versions are listed in the NVD description below
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0065 (70.9th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-24237 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 29.1% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation · prevent
Directly implements bounds checking on inputs to prevent buffer overflows, matching the exact fix applied in the CVE patches.

SI-2 Flaw Remediation · prevent
Requires timely identification, reporting, and patching of flaws like this critical buffer overflow vulnerability.

SI-16 Memory Protection · prevent
Provides memory protections such as non-executable memory and ASLR to mitigate exploitation attempts causing system termination.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

Buffer overflow with remote network exploitation (AV:N, PR:N, UI:N) and potential RCE (high C/I impact) or DoS directly enables T1190 for initial access via public-facing or network-exposed components.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination.

Deeper analysis

CVE-2025-24237 is a buffer overflow vulnerability (CWE-120) that was addressed with improved bounds checking. It affects iOS versions prior to 18.4, iPadOS versions prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, visionOS prior to 2.4, and watchOS prior to 11.4. Published on 2025-03-31, the issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical severity.

A remote attacker with no privileges or user interaction can exploit this vulnerability over the network with low attack complexity. Exploitation by a malicious app may cause unexpected system termination, aligning with the high availability impact in the CVSS score, while also enabling potential high confidentiality and integrity impacts.

Apple's security advisories detail the patches in the listed updates. Mitigation involves applying these updates promptly. Additional information is available in the advisories at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375.

Details

CWE(s): CWE-120 (Classic Buffer Overflow)

Affected Products

Apple iPadOS: ≤ 17.7.6 · 18.0 to 18.4
Apple iPhone OS (iOS): ≤ 18.4
Apple macOS: 13.0 to 13.7.5 · 14.0 to 14.7.5 · 15.0 to 15.4
Apple visionOS: ≤ 2.4

CVEs Like This One

CVE-2025-43428 · Same product: Apple iPadOS
CVE-2026-28858 · Same product: Apple iPadOS
CVE-2025-43347 · Same product: Apple iPadOS
CVE-2025-43520 · Same product: Apple iPadOS
CVE-2025-43359 · Same product: Apple iPadOS
CVE-2026-28876 · Same product: Apple iPadOS
CVE-2026-20616 · Same product: Apple iPadOS
CVE-2026-20688 · Same product: Apple iPadOS
CVE-2026-20626 · Same product: Apple iPadOS
CVE-2026-20615 · Same product: Apple iPadOS

References