Login Sign Up

CVE-2025-24159

7.8 HIGH

📋 TL;DR

This CVE describes a validation logic vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. This is a local privilege escalation vulnerability affecting multiple Apple platforms including iOS, iPadOS, macOS, visionOS, watchOS, and tvOS. Attackers could gain full system control by exploiting this flaw.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • visionOS
  • watchOS
  • tvOS
Versions: Versions prior to iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3
Operating Systems: Apple iOS, Apple iPadOS, Apple macOS, Apple visionOS, Apple watchOS, Apple tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All affected Apple devices running vulnerable versions are impacted. The vulnerability requires local access or malicious app installation.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level access, allowing attackers to install persistent malware, steal sensitive data, bypass security controls, and maintain persistent access to the device.

🟠

Likely Case

Local privilege escalation where a malicious app gains kernel privileges to bypass sandbox restrictions, access protected data, or install additional payloads.

🟢

If Mitigated

Limited impact if devices are fully patched, have app installation restrictions, and follow security best practices with minimal user privileges.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or convincing users to install malicious applications. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3

Vendor Advisory: https://support.apple.com/en-us/122066

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/tvOS/watchOS/visionOS. 2. Go to System Settings > General > Software Update on macOS. 3. Download and install the latest available update. 4. Restart the device after installation completes.

🔧 Temporary Workarounds

Restrict App Installation

all

Limit app installation to App Store only to prevent malicious applications from being installed.

🧯 If You Can't Patch

  • Implement strict application control policies to prevent unauthorized app installation
  • Segment vulnerable devices from critical network resources and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list. On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac > macOS version.

Check Version:

iOS/iPadOS/tvOS/watchOS/visionOS: Settings > General > About > Version. macOS: sw_vers or System Settings > General > About > macOS version.

Verify Fix Applied:

Verify the installed version matches or exceeds the patched versions listed in the fix information.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel extensions loading
  • Privilege escalation attempts in system logs
  • Unauthorized process execution with elevated privileges

Network Indicators:

  • Unusual outbound connections from system processes
  • Command and control traffic from kernel-level processes

SIEM Query:

source="apple_system_logs" AND (event="kernel_extension_load" OR event="privilege_escalation") AND device_version < "patched_version"

📊 Metadata

CVE ID: CVE-2025-24159
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-94
EPSS Score: 0.06% exploit probability (18.7th percentile)
Published: January 27, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-24159, you might also want to check these:

CVE-2025-62521 10.0

CVE-2025-62521 is a critical pre-authentication remote code execution vulnerability in ChurchCRM tha...

Same vulnerability type (CWE-94)
CVE-2026-26216 10.0

Crawl4AI versions before 0.8.0 contain an unauthenticated remote code execution vulnerability in the...

Same vulnerability type (CWE-94)
CVE-2021-22205 10.0

CVE-2021-22205 is a critical remote code execution vulnerability in GitLab CE/EE where improper vali...

Same vulnerability type (CWE-94)