Cyber Resilience

CVE-2025-24259

Critical

Published: 31 March 2025

Published
31 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0025 48.3th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24259 is a critical-severity Missing Authorization (CWE-862) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Information Discovery (T1217); ranked at the 48.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-24259 is a vulnerability affecting Apple's iPadOS and macOS operating systems, specifically allowing an app to retrieve Safari bookmarks without the required entitlement check. This missing authorization issue, classified under CWE-862, impacts versions prior to iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. It was published on 2025-03-31 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables exploitation by an app lacking proper entitlements, with the CVSS vector indicating remote network access (AV:N), low attack complexity (AC:L), no required privileges (PR:N), and no user interaction (UI:N). Successful exploitation could result in high impacts to confidentiality, integrity, and availability, allowing unauthorized access to sensitive Safari bookmark data.

Apple's security advisories state that the issue was addressed through additional entitlement checks. It is fixed in iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Mitigation involves updating affected systems to these patched versions, with further details available in the referenced Apple support pages (https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, https://support.apple.com/en-us/122405) and http://seclists.org/fulldisclosure/2025/Apr/10.

EU & UK References

Vulnerability details

This issue was addressed with additional entitlement checks. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1217 Browser Information Discovery Discovery
Adversaries may enumerate information about browsers to learn more about compromised environments.
Why these techniques?

The vulnerability allows an app to retrieve Safari bookmarks by bypassing required entitlement checks, directly enabling browser information discovery on the local system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-31194Same product: Apple Macos
CVE-2025-24245Same product: Apple Macos
CVE-2025-30461Same product: Apple Macos
CVE-2025-24181Same product: Apple Macos
CVE-2025-24249Same product: Apple Macos
CVE-2025-24265Same product: Apple Macos
CVE-2025-24109Same product: Apple Macos
CVE-2025-24170Same product: Apple Macos
CVE-2025-24256Same product: Apple Macos
CVE-2024-40858Same product: Apple Macos

Affected Assets

apple
macos
13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces approved authorizations for accessing system resources like Safari bookmarks, addressing the missing entitlement check.

prevent

Implements least privilege to ensure apps only access Safari bookmarks with required entitlements, preventing unauthorized retrieval.

prevent

Requires timely remediation of flaws like the missing entitlement check by applying patches to fixed OS versions.

References