AI description
CVE-2025-24277 is a security vulnerability found in macOS operating systems, specifically within the Crash Reporter component. The vulnerability arises from a parsing issue in how the system handles directory paths. This flaw could allow a malicious application to potentially gain root privileges on an affected system. The vulnerability stems from improper path validation in the directory paths handling mechanism. Apple has addressed this vulnerability by improving path validation in the affected components. The fix is available in macOS Ventura 13.7.5, macOS Sonoma 14.7.5, and macOS Sequoia 15.4. Users are advised to update their systems to these versions or later to protect against this vulnerability.
- Description
- A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.
- Source
- product-security@apple.com
- NVD status
- Modified
- Products
- macos
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-276
- Hype score
- Not currently trending
The writeup to our #OBTS talk “CrashOne - A Starbucks Story - CVE-2025-24277“ with @gergely_kalman is up at Iru’s website. This was a cool sandbox escape + lpe on macOS. https://t.co/Vd6sRJzyk0
@theevilbit
13 Nov 2025
4569 Impressions
12 Retweets
52 Likes
16 Bookmarks
2 Replies
1 Quote
The slidedeck to our talk, Crash One: A Starbucks Story - CVE-2025-24277, with @gergely_kalman from @hexacon_fr and @objective_see #OBTS is available from the link below. It was a macOS vulnerability impacting the crash reporting process where we could achieve LPE and sandbox
@theevilbit
15 Oct 2025
7608 Impressions
25 Retweets
80 Likes
33 Bookmarks
1 Reply
0 Quotes
Two guys @gergely_kalman & @theevilbit walk into a Starbucks. One latte. One “this probably isn’t exploitable” bug. ☕➡️💣 CVE-2025-24277 is born. Sandbox: escaped. macOS: rattled. This kind of story? Only at #OBTS. 🎤🔥 https://t.co/OZvYFgQrlc
@Mu55sy
15 Oct 2025
81 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
"Crash One - A StarBucks Story (CVE-2025-24277)" by Csaba Fitzl (@theevilbit) and Gergely Kalman (@gergely_kalman ) (not a coffee related talk) https://t.co/rh2wzCBDyN
@hexacon_fr
10 Oct 2025
2677 Impressions
2 Retweets
14 Likes
0 Bookmarks
0 Replies
1 Quote
📢"Crash One - A StarBucks Story (CVE-2025-24277)" by Csaba Fitzl and Gergely Kalman https://t.co/yZmZoJVL4X
@hexacon_fr
3 Oct 2025
1525 Impressions
3 Retweets
10 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-24277 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS… https://t.co/hO9hdUT6Jk
@CVEnew
1 Apr 2025
367 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two new CVEs for me this time around: CVE-2025-30456 and CVE-2025-24277 with the one and only @theevilbit :) Time to look for some bypasses eh?
@gergely_kalman
31 Mar 2025
2063 Impressions
2 Retweets
39 Likes
1 Bookmark
3 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAFA86AE-8EE9-414C-9FD2-C8551FF2A5CC",
"versionEndExcluding": "13.7.5",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D05DCA25-A1A0-4AEA-9F31-952803114EE2",
"versionEndExcluding": "14.7.5",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1320B815-0457-4276-83B9-AFAFDAF17EDA",
"versionEndExcluding": "15.4",
"versionStartIncluding": "15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]