CVE-2025-24238
Published: 31 March 2025
Summary
CVE-2025-24238 is a critical-severity Incorrect Default Permissions (CWE-276) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations and checks to prevent apps from bypassing logic flaws and gaining elevated privileges.
Implements a reference monitor mechanism that mediates all access decisions, directly countering logic issues in privilege checks.
Restricts apps to least privilege necessary, mitigating the impact of privilege escalation even if checks fail.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a logic flaw (CWE-276) that directly enables an app to gain elevated privileges without authentication or user interaction, matching the definition of exploiting a software vulnerability for privilege escalation.
NVD Description
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, watchOS 11.4. An app may be able to gain elevated privileges.
Deeper analysisAI
CVE-2025-24238 is a logic issue addressed through improved checks, enabling an app to gain elevated privileges. The vulnerability affects Apple's iOS prior to version 18.4, iPadOS prior to 18.4, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, and watchOS prior to 11.4. It is classified under CWE-276 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact confidentiality, integrity, and availability effects.
A remote attacker with no privileges or user interaction required can exploit this vulnerability over the network with low complexity. Exploitation allows a malicious app to elevate its privileges, potentially compromising the affected device by accessing sensitive data, modifying system behavior, or disrupting operations.
Apple's security advisories detail the fix via improved checks in the listed software updates, recommending immediate patching to iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, or watchOS 11.4. Further details are available in the referenced support documents at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, and https://support.apple.com/en-us/122376.
Details
- CWE(s)