Login Sign Up

CVE-2025-24243

7.8 HIGH
Remote Code Execution

📋 TL;DR

This memory handling vulnerability in Apple operating systems allows arbitrary code execution when processing malicious files. Attackers can exploit this to run unauthorized code on affected devices. All users running vulnerable versions of visionOS, macOS, tvOS, and iOS/iPadOS are affected.

💻 Affected Systems

Products:
  • visionOS
  • macOS
  • tvOS
  • iOS
  • iPadOS
Versions: Versions prior to visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5
Operating Systems: Apple visionOS, Apple macOS, Apple tvOS, Apple iOS, Apple iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The vulnerability is triggered by processing malicious files, which could come from various sources including email attachments, downloads, or network shares.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Visionos by Apple

View all CVEs affecting Visionos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the device, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Malicious file execution leading to malware installation, data exfiltration, or credential theft through social engineering attacks.

🟢

If Mitigated

Limited impact with proper file handling restrictions and user education preventing malicious file execution.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious files, but common attack vectors like email attachments or downloads make exploitation plausible.
🏢 Internal Only: LOW - Internal systems typically have controlled file sources, reducing exposure to malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. No public exploit code is currently available, but the vulnerability is serious enough that attackers may develop private exploits.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5

Vendor Advisory: https://support.apple.com/en-us/122371

Restart Required: No

Instructions:

1. Open Settings/System Preferences. 2. Navigate to Software Update. 3. Install the latest available update for your operating system. 4. Verify the update completed successfully.

🔧 Temporary Workarounds

Restrict File Processing

all

Implement application whitelisting to restrict which applications can process files from untrusted sources.

User Education

all

Train users to avoid opening files from unknown or untrusted sources, especially email attachments and downloads.

🧯 If You Can't Patch

  • Implement strict file type filtering at network perimeter to block potentially malicious files
  • Deploy endpoint detection and response (EDR) solutions to monitor for suspicious file processing behavior

🔍 How to Verify

Check if Vulnerable:

Check your operating system version against the vulnerable versions listed in affected_systems.versions

Check Version:

On macOS: sw_vers -productVersion. On iOS/iPadOS: Settings > General > About > Version. On tvOS: Settings > General > About > Version.

Verify Fix Applied:

Verify your system is running one of the patched versions listed in fix_official.patch_version

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes when processing files
  • Suspicious file processing activity in system logs
  • Unusual memory allocation patterns

Network Indicators:

  • Downloads of suspicious file types from untrusted sources
  • Outbound connections initiated after file processing

SIEM Query:

source="apple_system_logs" AND (event="application_crash" OR event="memory_error") AND process="*file_handler*"

📊 Metadata

CVE ID: CVE-2025-24243
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-94
EPSS Score: 0.1% exploit probability (27th percentile)
Published: March 31, 2025
Last Updated: November 3, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-24243, you might also want to check these:

CVE-2025-62521 10.0

CVE-2025-62521 is a critical pre-authentication remote code execution vulnerability in ChurchCRM tha...

Same vulnerability type (CWE-94)
CVE-2026-26216 10.0

Crawl4AI versions before 0.8.0 contain an unauthenticated remote code execution vulnerability in the...

Same vulnerability type (CWE-94)
CVE-2021-22205 10.0

CVE-2021-22205 is a critical remote code execution vulnerability in GitLab CE/EE where improper vali...

Same vulnerability type (CWE-94)