CVE-2025-24243

High

Published: 31 March 2025

Published

31 March 2025

Modified

02 April 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0003 8.0th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24243 is a high-severity Code Injection (CWE-94) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 8.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-16 Memory Protection good match

prevent

SI-16 directly implements memory safeguards to prevent arbitrary code execution from memory handling flaws exploited by maliciously crafted files.

SI-2 Flaw Remediation good match

prevent

SI-2 ensures timely remediation of the specific memory handling vulnerability in CVE-2025-24243 through vendor patch deployment.

SI-10 Information Input Validation partial match

prevent

SI-10 validates information inputs like malicious files to mitigate code injection during processing.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution

An adversary may rely upon a user opening a malicious file in order to gain execution.

attack.mitre.org →

Why these techniques?

The vulnerability is a code injection flaw triggered by processing a maliciously crafted file, directly enabling arbitrary code execution via user interaction (opening the file). This maps precisely to T1204.002 Malicious File.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted file…

may lead to arbitrary code execution.

Deeper analysisAI

CVE-2025-24243 is a code injection vulnerability (CWE-94) addressed through improved memory handling in multiple Apple operating systems. Processing a maliciously crafted file may lead to arbitrary code execution. The vulnerability affects iOS versions prior to 18.4, iPadOS versions prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, tvOS prior to 18.4, visionOS prior to 2.4, and watchOS prior to 11.4. It was published on 2025-03-31 with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

Exploitation requires local access with low complexity and no privileges, but user interaction such as opening the malicious file. A successful attack allows arbitrary code execution, resulting in high impacts to confidentiality, integrity, and availability on the targeted device.

Apple security advisories at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375 confirm the issue is fixed in the listed versions. Mitigation involves updating affected devices to these patched releases.

Details

CWE(s): CWE-94

Affected Products

apple

ipados

≤ 17.7.6 · 18.0 — 18.4

apple

iphone os

≤ 18.4

apple

macos

13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

apple

tvos

≤ 18.4

apple

visionos

≤ 2.4

CVEs Like This One

CVE-2025-24159Same product: Apple Ipados

CVE-2026-20675Same product: Apple Ipados

CVE-2024-27859Same product: Apple Ipados

CVE-2024-27856Same product: Apple Ipados

CVE-2024-54499Same product: Apple Ipados

CVE-2026-20611Same product: Apple Ipados

CVE-2024-54525Same product: Apple Ipados

CVE-2026-20616Same product: Apple Ipados

CVE-2025-24230Same product: Apple Ipados

CVE-2025-31281Same product: Apple Ipados

References

https://support.apple.com/en-us/122371
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122372
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122373
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122374
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122375
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122376
product-security@apple.com
https://support.apple.com/en-us/122377
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122378
Vendor Advisory · product-security@apple.com
http://seclists.org/fulldisclosure/2025/Apr/10
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/11
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/12
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/13
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/4
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/5
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/8
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/9
af854a3a-2127-422b-91ae-364da2661108