CVE-2025-24241
Published: 31 March 2025
Summary
CVE-2025-24241 is a critical-severity Improper Access Control (CWE-284) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Clipboard Data (T1115). The CVE ranks at the 34.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-6 (Configuration Settings).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
Prevents unauthorized apps from accessing sensitive data in the shared pasteboard system resource, directly addressing the improper access control vulnerability.
Enforces approved access authorizations to system resources like the pasteboard, mitigating the app's ability to access user-copied sensitive data.
Mandates secure configuration settings with restrictions on pasteboard access, countering the specific configuration issue exploited in this CVE.
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The vulnerability is an improper access control issue allowing a malicious app to access sensitive data on the pasteboard (macOS clipboard), directly enabling T1115 Clipboard Data collection.
NVD Description
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard.
Deeper analysis [AI]
CVE-2025-24241 is a configuration issue addressed with additional restrictions in macOS. It affects macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The vulnerability enables an app to trick a user into copying sensitive data to the pasteboard. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-284 (Improper Access Control).
A remote attacker requires no privileges and can exploit this over the network with low attack complexity and no user interaction. Exploitation allows high-impact effects on confidentiality, integrity, and availability, where the malicious app can access sensitive data copied to the pasteboard.
Apple's security advisories detail the fix through the specified macOS updates. Mitigation involves applying macOS Sequoia 15.4, macOS Sonoma 14.7.5, or macOS Ventura 13.7.5 as appropriate. Further information is available at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, http://seclists.org/fulldisclosure/2025/Apr/10, and http://seclists.org/fulldisclosure/2025/Apr/8.
Details
- CWE(s)