Login Sign Up

CVE-2025-24107

7.8 HIGH

📋 TL;DR

A permissions vulnerability in Apple operating systems allows malicious applications to escalate privileges to root access. This affects macOS, tvOS, watchOS, iOS, and iPadOS users running vulnerable versions. Successful exploitation gives attackers complete control over affected devices.

💻 Affected Systems

Products:
  • macOS
  • tvOS
  • watchOS
  • iOS
  • iPadOS
Versions: Versions prior to macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3, iPadOS 18.3
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All standard configurations are vulnerable. Requires malicious app installation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with root-level persistence, data theft, backdoor installation, and lateral movement capabilities.

🟠

Likely Case

Malicious app gains full system control, enabling data exfiltration, surveillance, and credential harvesting.

🟢

If Mitigated

Limited impact with proper app vetting and security controls, but still significant if malicious app bypasses app store review.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to install malicious application. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3, iOS 18.3, iPadOS 18.3

Vendor Advisory: https://support.apple.com/en-us/122066

Restart Required: Yes

Instructions:

1. Open System Settings > General > Software Update. 2. Install available updates. 3. Restart device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only install apps from official App Store and trusted developers

🧯 If You Can't Patch

  • Implement strict application allowlisting policies
  • Deploy endpoint detection and response (EDR) solutions to monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Processes running with root privileges from user applications

Network Indicators:

  • Unusual outbound connections from system processes

SIEM Query:

process.parent.name: * AND process.user: root AND process.parent.user != root

📊 Metadata

CVE ID: CVE-2025-24107
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-276
EPSS Score: 0.03% exploit probability (6.3th percentile)
Published: January 27, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-24107, you might also want to check these:

CVE-2025-40585 9.9

Energy Services solutions using G5DFR contain default credentials, allowing attackers to gain contro...

Same vulnerability type (CWE-276)
CVE-2023-47462 9.8

This vulnerability allows remote attackers to execute arbitrary code on GL.iNet AX1800 routers by ex...

Same vulnerability type (CWE-276)
CVE-2022-41572 9.8

CVE-2022-41572 is a privilege escalation vulnerability in EyesOfNetwork (EON) where nmap can be exec...

Same vulnerability type (CWE-276)