CVE-2025-24257
Published: 31 March 2025
Summary
CVE-2025-24257 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple Ipados. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 15.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the out-of-bounds write vulnerability by enforcing improved input validation to prevent malicious app inputs from corrupting kernel memory.
Mandates timely patching of known flaws, such as applying the iOS 18.4 and equivalent updates that remediate this specific CVE.
Provides memory protections like address space randomization and executable space protection to mitigate exploitation of out-of-bounds writes targeting kernel memory.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability enables malicious app to cause system termination via exploitation (T1499.004) and kernel memory corruption for runtime data manipulation (T1565.003).
NVD Description
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to cause unexpected system termination or write kernel…
more
memory.
Deeper analysisAI
CVE-2025-24257 is an out-of-bounds write vulnerability (CWE-787) that was addressed through improved input validation in multiple Apple operating systems. It affects versions of iOS prior to 18.4, iPadOS prior to 18.4, macOS Sequoia prior to 15.4, visionOS prior to 2.4, and watchOS prior to 11.4. The flaw allows a malicious app to potentially cause unexpected system termination or write to kernel memory, earning a CVSS v3.1 base score of 7.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H).
A local attacker with no privileges can exploit this vulnerability by convincing a user to interact with a malicious app, such as through social engineering to install or execute it. Successful exploitation enables high-impact integrity and availability disruption, including kernel memory corruption or system crashes, though it does not provide confidentiality gains or privilege escalation beyond the local context.
Apple's security advisories, detailed in support documents such as https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122376, and https://support.apple.com/en-us/122378, confirm the issue was fixed in the listed software updates. Mitigation requires applying these patches promptly to vulnerable devices. Additional details appear in a Full Disclosure mailing list post at http://seclists.org/fulldisclosure/2025/Apr/12.
Details
- CWE(s)