CVE-2025-24255

High

Published: 31 March 2025

Published

31 March 2025

Modified

02 April 2026

KEV Added

—

Patch

—

CVSS Score 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0004 12.8th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24255 is a high-severity Improper Input Validation (CWE-20) vulnerability in Apple Macos. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 12.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly addresses the improper input validation (CWE-20) that enables malicious apps to break out of macOS sandbox restrictions.

AC-3 Access Enforcement good match

prevent

Enforces sandbox access control policies to prevent unauthorized file access and resource escalation by confined applications.

SI-2 Flaw Remediation good match

prevent

Requires timely identification, reporting, and patching of the specific input validation flaw fixed in macOS updates 15.4, 14.7.5, and 13.7.5.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

The vulnerability enables a local malicious app to escape macOS sandbox restrictions through improper input validation, directly facilitating exploitation for privilege escalation to access unauthorized files and system resources.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A file access issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox.

Deeper analysisAI

CVE-2025-24255 is a file access vulnerability stemming from insufficient input validation, affecting macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The flaw, classified under CWE-20 (Improper Input Validation), enables an app to break out of its sandbox restrictions. It received a CVSS v3.1 base score of 8.4 (High), reflecting local attack vector (AV:L), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

A local attacker can exploit this vulnerability by running a malicious app on the targeted system. No special privileges or user interaction are needed, allowing low-complexity exploitation. Successful exploitation permits the app to escape its sandbox, potentially granting unauthorized access to sensitive files and system resources, leading to high-impact compromise of confidentiality, integrity, and availability.

Apple's security advisories detail the fix through improved input validation in the specified macOS updates: Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. Security practitioners should prioritize patching affected systems, as referenced in Apple's support pages (e.g., HT122373, HT122374, HT122375) and Full Disclosure mailing list announcements.

Details

CWE(s): CWE-20

Affected Products

apple

macos

13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

CVEs Like This One

CVE-2026-28821Same product: Apple Macos

CVE-2025-30452Same product: Apple Macos

CVE-2025-24267Same product: Apple Macos

CVE-2026-28817Same product: Apple Macos

CVE-2025-24277Same product: Apple Macos

CVE-2025-24234Same product: Apple Macos

CVE-2025-24170Same product: Apple Macos

CVE-2025-24228Same product: Apple Macos

CVE-2026-20658Same product: Apple Macos

CVE-2025-30449Same product: Apple Macos

References

https://support.apple.com/en-us/122373
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122374
Vendor Advisory · product-security@apple.com
https://support.apple.com/en-us/122375
Vendor Advisory · product-security@apple.com
http://seclists.org/fulldisclosure/2025/Apr/10
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/8
af854a3a-2127-422b-91ae-364da2661108
http://seclists.org/fulldisclosure/2025/Apr/9
af854a3a-2127-422b-91ae-364da2661108