CVE-2025-24256
Published: 31 March 2025
Summary
CVE-2025-24256 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 35.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-39 (Process Isolation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by requiring timely patching of the insufficient bounds checks that allow apps to disclose kernel memory.
Enforces process isolation to prevent user-space apps from accessing kernel memory, countering the out-of-bounds read vulnerability.
Provides memory protections like ASLR and guard pages that reduce the impact and exploitability of out-of-bounds reads disclosing kernel memory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote network exploitation (AV:N) of kernel out-of-bounds read enables initial access via public-facing components and facilitates privilege escalation plus credential access through memory disclosure.
NVD Description
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to disclose kernel memory.
Deeper analysisAI
CVE-2025-24256 is a high-severity vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) stemming from insufficient bounds checks, classified under CWE-125 (Out-of-bounds Read). It affects macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5, enabling an app to disclose kernel memory.
A remote attacker with no privileges or user interaction required can exploit this over a network vector with low complexity. Successful exploitation allows the malicious app to read kernel memory, potentially leading to high impacts on confidentiality, integrity, and availability as scored by CVSS.
Apple security advisories detail the fix through improved bounds checks in the patched versions (macOS Sequoia 15.4, Sonoma 14.7.5, Ventura 13.7.5). Relevant updates are documented at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375, with additional full disclosure notes at http://seclists.org/fulldisclosure/2025/Apr/10 and http://seclists.org/fulldisclosure/2025/Apr/8. Security practitioners should prioritize updating affected systems.
Details
- CWE(s)