CVE-2025-24257

Published Mar 31, 2025

Last updated 5 months ago

CVSS high 7.1

Overview

Description: An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to cause unexpected system termination or write kernel memory.
Source: product-security@apple.com
NVD status: Modified
Products: ipados, iphone_os, macos, visionos

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.1
Impact score: 5.2
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Severity: HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-787

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 11

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "6B3450F7-7B4A-46CE-A6E0-BBE6569F2EBF",
            "versionEndExcluding": "18.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990",
            "versionEndExcluding": "18.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "1320B815-0457-4276-83B9-AFAFDAF17EDA",
            "versionEndExcluding": "15.4",
            "versionStartIncluding": "15.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "E82603D7-A630-4B9B-9C51-880667F05EC7",
            "versionEndExcluding": "2.4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.