Cyber Posture

CVE-2025-24259

Severity: Critical
Published: 31 March 2025
Modified: 02 April 2026
KEV Added: not listed
Patch: available (fixed versions listed below)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0025 (48.0th percentile)
Risk Priority: 20 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-24259 is a critical-severity Missing Authorization (CWE-862) vulnerability in Apple macOS. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Information Discovery (T1217). EPSS ranks it at the 48.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Browser Information Discovery (T1217). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-3 Access Enforcement (prevent)

Directly enforces approved authorizations for accessing system resources such as Safari bookmarks, addressing the missing entitlement check.

AC-6 Least Privilege (prevent)

Implements least privilege so that apps can only access Safari bookmarks when they hold the required entitlements, preventing unauthorized retrieval.

Flaw remediation (prevent)

Requires timely remediation of flaws like the missing entitlement check by applying patches to the fixed OS versions.

MITRE ATT&CK Enterprise Techniques

T1217 Browser Information Discovery (tactic: Discovery)
Adversaries may enumerate information about browsers to learn more about compromised environments.
Why these techniques?

The vulnerability allows an app to retrieve Safari bookmarks by bypassing required entitlement checks, directly enabling browser information discovery on the local system.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

This issue was addressed with additional entitlement checks. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check.

Deeper analysis

CVE-2025-24259 is a vulnerability affecting Apple's iPadOS and macOS operating systems, specifically allowing an app to retrieve Safari bookmarks without the required entitlement check. This missing authorization issue, classified under CWE-862, impacts versions prior to iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. It was published on 2025-03-31 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables exploitation by an app lacking proper entitlements, with the CVSS vector indicating remote network access (AV:N), low attack complexity (AC:L), no required privileges (PR:N), and no user interaction (UI:N). Successful exploitation could result in high impacts to confidentiality, integrity, and availability, allowing unauthorized access to sensitive Safari bookmark data.

Apple's security advisories state that the issue was addressed through additional entitlement checks. It is fixed in iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Mitigation involves updating affected systems to these patched versions, with further details available in the referenced Apple support pages (https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, https://support.apple.com/en-us/122405) and http://seclists.org/fulldisclosure/2025/Apr/10.

Details

CWE(s): CWE-862 Missing Authorization

Affected Products

Apple macOS: 13.0 to 13.7.5 · 14.0 to 14.7.5 · 15.0 to 15.4

CVEs Like This One

CVE-2025-24245 (same product: Apple macOS)
CVE-2025-24249 (same product: Apple macOS)
CVE-2025-24181 (same product: Apple macOS)
CVE-2025-31194 (same product: Apple macOS)
CVE-2025-30461 (same product: Apple macOS)
CVE-2025-30452 (same product: Apple macOS)
CVE-2025-43219 (same product: Apple macOS)
CVE-2025-43189 (same product: Apple macOS)
CVE-2025-24267 (same product: Apple macOS)
CVE-2026-28817 (same product: Apple macOS)
