Cyber Resilience

CVE-2025-24238

Critical

Published: 31 March 2025

Published
31 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0036 58.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24238 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 41.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2025-24238 is a logic issue addressed through improved checks, enabling an app to gain elevated privileges. The vulnerability affects Apple's iOS prior to version 18.4, iPadOS prior to 18.4, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, and watchOS prior to 11.4. It is classified under CWE-276 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact confidentiality, integrity, and availability effects.

A remote attacker with no privileges or user interaction required can exploit this vulnerability over the network with low complexity. Exploitation allows a malicious app to elevate its privileges, potentially compromising the affected device by accessing sensitive data, modifying system behavior, or disrupting operations.

Apple's security advisories detail the fix via improved checks in the listed software updates, recommending immediate patching to iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, or watchOS 11.4. Further details are available in the referenced support documents at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, and https://support.apple.com/en-us/122376.

EU & UK References

Vulnerability details

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevated privileges.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a logic flaw (CWE-276) that directly enables an app to gain elevated privileges without authentication or user interaction, matching the definition of exploiting a software vulnerability for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24107Same product: Apple Ipados
CVE-2025-24178Same product: Apple Ipados
CVE-2024-54517Same product: Apple Ipados
CVE-2026-20687Same product: Apple Ipados
CVE-2024-40771Same product: Apple Ipados
CVE-2024-54468Same product: Apple Ipados
CVE-2024-54522Same product: Apple Ipados
CVE-2025-24173Same product: Apple Ipados
CVE-2026-28951Same product: Apple Ipados
CVE-2025-24176Same product: Apple Macos

Affected Assets

apple
ipados
≤ 18.4
apple
iphone os
≤ 18.4
apple
macos
13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4
apple
tvos
≤ 18.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations and checks to prevent apps from bypassing logic flaws and gaining elevated privileges.

prevent

Implements a reference monitor mechanism that mediates all access decisions, directly countering logic issues in privilege checks.

prevent

Restricts apps to least privilege necessary, mitigating the impact of privilege escalation even if checks fail.

References