CVE-2025-24267
Published: 31 March 2025
Summary
CVE-2025-24267 is a high-severity Incorrect Default Permissions (CWE-276) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Employs least privilege to restrict apps to minimal necessary access, directly preventing escalation to root via incorrect default permissions.
Enforces approved access control policies and permissions, addressing the core permissions issue that allows unauthorized root privilege gain.
Requires timely remediation of the specific flaw through patching to macOS versions with additional permissions restrictions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a local permissions weakness (CWE-276) enabling a low-privileged app or process to escalate to root on macOS, directly matching Exploitation for Privilege Escalation.
NVD Description
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.
Deeper analysisAI
CVE-2025-24267 is a permissions issue, classified under CWE-276 (Incorrect Default Permissions), affecting Apple's macOS operating system. The vulnerability allows an app to gain root privileges and was addressed with additional restrictions. It impacts macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The issue received a CVSS v3.1 base score of 7.8 (High), reflecting a local attack vector with low attack complexity, low privileges required, no user interaction, unchanged scope, and high impacts on confidentiality, integrity, and availability.
A local attacker with low-level privileges (PR:L) can exploit this vulnerability to escalate privileges to root. The low attack complexity and lack of required user interaction (UI:N) make it feasible for malicious apps or processes already running on the system to bypass restrictions and achieve full administrative control, potentially enabling further compromise such as data exfiltration, persistence, or system takeover.
Apple's security advisories detail the fix through updated versions: macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5, which introduce additional permissions restrictions to prevent privilege escalation. Security practitioners should prioritize updating affected systems, as outlined in the referenced support pages (e.g., https://support.apple.com/en-us/122373), and monitor full disclosure lists for additional technical details.
Details
- CWE(s)