CVE-2025-24250
Published: 31 March 2025
Summary
CVE-2025-24250 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 36.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved access authorizations, directly addressing the insufficient access restrictions that allowed a malicious HTTPS proxy app to access sensitive user data.
Controls information flow within the system, mitigating unauthorized access to sensitive data by apps acting as HTTPS proxies.
Applies least privilege to limit app access to only necessary resources, reducing the risk of sensitive data exposure via malicious proxy apps.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables a malicious app to function as an HTTPS proxy and access sensitive user data due to insufficient access restrictions, directly facilitating Adversary-in-the-Middle attacks for intercepting network traffic.
NVD Description
This issue was addressed with improved access restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app acting as a HTTPS proxy could get access to sensitive user data.
Deeper analysisAI
CVE-2025-24250 is a high-severity vulnerability (CVSS 9.8) in Apple's macOS operating system, classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It stems from insufficient access restrictions that allow a malicious app functioning as an HTTPS proxy to access sensitive user data. The issue affects macOS versions prior to Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5.
An attacker can exploit this vulnerability remotely over the network (AV:N) with low complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). By deploying a malicious app that acts as an HTTPS proxy, the attacker gains high-impact access to sensitive user data, with potential for confidentiality (C:H), integrity (I:H), and availability (A:H) compromises.
Apple's security advisories confirm the vulnerability was addressed through improved access restrictions in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Security practitioners should prioritize updating affected systems, as detailed in the referenced support pages (e.g., https://support.apple.com/en-us/122373) and full disclosure archives.
Details
- CWE(s)