CVE-2025-24249
Published: 31 March 2025
Summary
CVE-2025-24249 is a critical-severity Missing Authorization (CWE-862) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083); ranked at the 34.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-39 (Process Isolation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Process isolation enforces sandbox boundaries that directly prevent apps from checking arbitrary file system paths outside their restricted domains.
Access enforcement requires mechanisms to approve and restrict logical access to file system resources, mitigating the permissions bypass exploited in this CVE.
Least privilege limits app permissions to essential file system access only, reducing the scope and impact of authorization bypasses allowing path existence checks.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability directly enables bypassing sandbox restrictions to check existence of arbitrary filesystem paths, which maps to File and Directory Discovery (T1083) for reconnaissance.
NVD Description
A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to check the existence of an arbitrary path on the file system.
Deeper analysisAI
CVE-2025-24249 is a permissions issue, classified under CWE-862 (Missing Authorization), affecting macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The vulnerability enables an app to check the existence of an arbitrary path on the file system, bypassing intended restrictions.
The CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates a critical severity vulnerability exploitable over the network with low attack complexity, no privileges, and no user interaction required. Any attacker able to deliver or influence an app on a targeted system could determine the presence of arbitrary file system paths, potentially enabling reconnaissance for further attacks with high impacts on confidentiality, integrity, and availability.
Apple addressed the issue through additional sandbox restrictions in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Security advisories on support.apple.com (HT122373, HT122374, HT122375) detail the fix, and practitioners should prioritize updating affected systems to mitigate exposure. Additional disclosure notes appear in seclists.org Full Disclosure archives from April 2025.
Details
- CWE(s)