Cyber Posture

CVE-2025-24246

Critical

Published: 31 March 2025
Modified: 02 April 2026
KEV Added: not listed
Patch: available (fixed versions are given in the NVD description below)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (36.4th percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-24246 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The vulnerability ranks at the 36.4th percentile by EPSS exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

prevent: SI-10 (Information Input Validation)
Directly mitigates the injection vulnerability by requiring comprehensive input validation to block unauthorized access to user-sensitive data.

prevent: vendor patching
Addresses the specific flaw in macOS by identifying, prioritizing, and applying vendor patches such as macOS Sequoia 15.4 to remediate the vulnerability.

prevent: AC-3 (Access Enforcement)
Enforces strict access controls to prevent apps from gaining unauthorized logical access to user-sensitive data despite injection attempts.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1005 Data from Local System (tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

The injection vulnerability due to insufficient input validation directly enables a malicious app to access sensitive user data on the local macOS system, mapping to T1005 Data from Local System.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.

Deeper analysis [AI-generated]

CVE-2025-24246 is an injection vulnerability addressed through improved input validation, enabling an app to access user-sensitive data. It affects macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The issue, published on 2025-03-31, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor).

A remote attacker with no privileges or user interaction required can exploit this vulnerability over the network with low complexity. By leveraging a malicious app, the attacker gains high-impact access to user-sensitive data, along with potential for high confidentiality, integrity, and availability disruptions as indicated by the CVSS metrics.

Apple security advisories detail the fix via improved validation in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Practitioners should apply these updates promptly, with further details available in the referenced support pages (https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375) and Full Disclosure archives (http://seclists.org/fulldisclosure/2025/Apr/10, http://seclists.org/fulldisclosure/2025/Apr/8).

Details

CWE(s): CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor)

Affected Products: Apple macOS 13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

CVEs Like This One

CVE-2025-24146 (same product: Apple macOS)
CVE-2025-30424 (same product: Apple macOS)
CVE-2025-24263 (same product: Apple macOS)
CVE-2025-24204 (same product: Apple macOS)
CVE-2025-24109 (same product: Apple macOS)
CVE-2025-24253 (same product: Apple macOS)
CVE-2025-24232 (same product: Apple macOS)
CVE-2025-43189 (same product: Apple macOS)
CVE-2025-24229 (same product: Apple macOS)
CVE-2025-24181 (same product: Apple macOS)
