Cyber Posture

CVE-2025-24245

Critical

Published: 31 March 2025

Published
31 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0020 41.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24245 is a critical-severity Missing Authorization (CWE-862) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Keychain (T1555.001); ranked at the 41.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-7 (Unsuccessful Logon Attempts).

Threat & Defense at a Glance

What attackers do: exploitation maps to Keychain (T1555.001). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-7 Unsuccessful Logon Attempts good match
prevent

Enforces limits and delays on consecutive unsuccessful verification code attempts, directly mitigating the rapid exploitation vector used by malicious apps to access saved passwords.

SI-2 Flaw Remediation good match
prevent

Requires timely patching of known flaws, such as applying macOS Sequoia 15.4 to remediate the missing authorization in password verification.

AC-3 Access Enforcement good match
prevent

Mandates enforcement of approved authorizations for accessing sensitive resources like saved passwords, addressing the core CWE-862 missing authorization issue.

MITRE ATT&CK Enterprise TechniquesAI

T1555.001 Keychain Credential Access
Adversaries may acquire credentials from Keychain.
attack.mitre.org →
Why these techniques?

The vulnerability directly enables unauthorized access to saved passwords on macOS via a malicious app by bypassing authorization checks and rate limits on verification codes, mapping to credential access from the Keychain password store.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

This issue was addressed by adding a delay between verification code attempts. This issue is fixed in macOS Sequoia 15.4. A malicious app may be able to access a user's saved passwords.

Deeper analysisAI

CVE-2025-24245 is a critical vulnerability (CVSS 9.8) in macOS Sequoia prior to version 15.4, stemming from CWE-862 (Missing Authorization). It allows a malicious app to bypass protections and access a user's saved passwords by exploiting insufficient delays between verification code attempts. The issue was publicly disclosed on 2025-03-31.

An attacker with network access can exploit this vulnerability with low complexity, no privileges, and no user interaction required. By deploying or tricking a user into running a malicious app, the attacker can achieve high confidentiality, integrity, and availability impacts, specifically gaining unauthorized access to the victim's saved passwords.

Apple's advisory at https://support.apple.com/en-us/122373 states that the vulnerability is fixed in macOS Sequoia 15.4 by adding a delay between verification code attempts. Additional details appear in the Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Apr/8. Security practitioners should prioritize updating affected systems to mitigate this risk.

Details

CWE(s)
CWE-862

Affected Products

apple
macos
≤ 15.4

CVEs Like This One

CVE-2025-24259Same product: Apple Macos
CVE-2025-24249Same product: Apple Macos
CVE-2025-24181Same product: Apple Macos
CVE-2025-31194Same product: Apple Macos
CVE-2025-30461Same product: Apple Macos
CVE-2025-30452Same product: Apple Macos
CVE-2025-43219Same product: Apple Macos
CVE-2025-43189Same product: Apple Macos
CVE-2025-24267Same product: Apple Macos
CVE-2026-28817Same product: Apple Macos

References