CVE-2025-24211

9.8 CRITICAL

📋 TL;DR

A memory corruption vulnerability in Apple's video processing components allows attackers to cause unexpected app termination or corrupt process memory by tricking users into opening malicious video files. This affects multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and visionOS. The high CVSS score indicates critical severity with potential for remote code execution.

💻 Affected Systems

Products:
  • Apple iOS
  • Apple iPadOS
  • Apple macOS
  • Apple tvOS
  • Apple visionOS
Versions: Versions prior to those listed in the fix section
Operating Systems: iOS, iPadOS, macOS, tvOS, visionOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations with video processing capabilities are vulnerable. The vulnerability is in core media handling components.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, or persistent malware installation.

🟠 Likely Case: Application crashes (denial of service) and potential memory corruption that could be leveraged for further exploitation.

🟢 If Mitigated: Limited to application crashes if proper sandboxing and memory protections are in place.

🌐 Internet-Facing: HIGH - Malicious video files can be delivered via web, email, or messaging apps.
🏢 Internal Only: MEDIUM - Requires user interaction to open malicious files, but internal file sharing could facilitate spread.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction to open malicious video file. No authentication needed once file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5

Vendor Advisory: https://support.apple.com/en-us/122371

Restart Required: Yes

Instructions:

1. Open Settings app.
2. Navigate to General > Software Update.
3. Download and install the latest available update.
4. Restart device when prompted.

🔧 Temporary Workarounds

Disable automatic video preview

all

Prevent automatic video playback in email clients and web browsers

Restrict video file types

all

Block suspicious video file extensions at network perimeter

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized video players
  • Use network segmentation to isolate vulnerable systems and restrict file sharing

🔍 How to Verify

Check if Vulnerable:

Check the current OS version against the patched versions listed in the Official Fix section

Check Version:

On macOS: sw_vers -productVersion. On iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions after update
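
The macOS version check described above, as an added example that is not part of the vendor advisory or this page's source: it compares a version string with the fixed release for the same macOS major line (13.7.5, 14.7.5, 15.4 from the Official Fix section). The function names `ver_ge` and `macos_status` are hypothetical, and majors for which this page lists no fix are reported as `not-listed` rather than guessed.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Fixed macOS releases are the ones
# listed under "Official Fix": 13.7.5, 14.7.5 and 15.4.

# ver_ge A B: succeed if dotted version A >= B; missing fields count as 0.
ver_ge() {
    v1=$1 v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        f1=${v1%%.*}; f2=${v2%%.*}
        if [ "$v1" = "$f1" ]; then v1=; else v1=${v1#*.}; fi
        if [ "$v2" = "$f2" ]; then v2=; else v2=${v2#*.}; fi
        f1=${f1:-0}; f2=${f2:-0}
        if [ "$f1" -gt "$f2" ]; then return 0; fi
        if [ "$f1" -lt "$f2" ]; then return 1; fi
    done
    return 0
}

# macos_status VERSION: print patched | vulnerable | not-listed | invalid.
macos_status() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*) echo invalid; return 0 ;;   # reject non-numeric input
    esac
    major=${ver%%.*}
    case $major in
        13) fixed=13.7.5 ;;
        14) fixed=14.7.5 ;;
        15) fixed=15.4 ;;
        *)  echo not-listed; return 0 ;;          # no fix listed for this line
    esac
    if ver_ge "$ver" "$fixed"; then echo patched; else echo vulnerable; fi
}

if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(macos_status "$v")"
else
    # Not on macOS: run over constructed sample versions instead.
    for v in 13.7.4 14.7.5 15.3.2 15.4 12.7.6; do
        echo "macOS $v: $(macos_status "$v")"
    done
fi
```

Comparing within the same major line matters because a host on 14.x is fixed by 14.7.5, not by reaching 15.4.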

📡 Detection & Monitoring

Log Indicators:

  • Application crashes related to video processing
  • Memory access violation logs
  • Unexpected process termination

Network Indicators:

  • Unusual video file downloads
  • Suspicious file transfers to endpoints

SIEM Query:

source="apple_system_logs" AND (event="crash" OR event="memory_violation") AND (process="*video*" OR process="*media*")
