Description
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.
Published: 2025-01-27
Score: 9.8 Critical
EPSS: 3.6% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper memory handling in system components allows an application to write arbitrary data to kernel memory or trigger an unexpected system shutdown. This flaw is characterized as a buffer or heap overflow (CWE‑787), enabling kernel data corruption that can destabilize the operating system and potentially allow an attacker to gain control or disrupt service.

Affected Systems

Apple devices running iPadOS versions earlier than 17.7.4 and macOS installations earlier than Sequoia 15.3 or Sonoma 14.7.3 are vulnerable. Any device with those operating system versions may be exposed to the flaw if a malicious or compromised application is installed.

Risk and Exploitability

The vulnerability carries a CVSS score of 9.8 and an EPSS score of 4%, indicating a high severity but a moderate likelihood of exploitation under current conditions. It is not listed in the CISA KEV catalog yet. Attackers would need to execute code on the local device, typically through a malicious application, to trigger the kernel write or induced termination. The impact is system-wide due to kernel memory involvement, but the vectors are confined to the device itself.

Generated by OpenCVE AI on June 18, 2026 at 03:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade iPadOS to 17.7.4 or newer
  • Upgrade macOS Sequoia to 15.3 or newer
  • Upgrade macOS Sonoma to 14.7.3 or newer
  • If an upgrade is not immediately possible, restrict installation of applications from untrusted sources and monitor the device for anomalous termination events

Advisories
Source: EUVD
ID: EUVD-2025-3630
Title: The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.

History

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Kernel memory corruption through improper write leading to system termination

Wed, 17 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Title Kernel memory corruption through improper write leading to system termination

Tue, 16 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Title Kernel Memory Write Vulnerability in iPadOS and macOS

Tue, 28 Apr 2026 12:30:00 +0000

Type Values Removed Values Added
Title Kernel Memory Write Vulnerability in iPadOS and macOS

Mon, 03 Nov 2025 21:30:00 +0000


Tue, 18 Mar 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple macos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple macos

Tue, 28 Jan 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 27 Jan 2025 22:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-06-02T16:04:10.891Z

Reserved: 2025-01-17T00:00:44.970Z

Link: CVE-2025-24118

Vulnrichment

Updated: 2025-11-03T21:02:13.240Z

NVD

Status: Modified

Published: 2025-01-27T22:15:17.033

Modified: 2026-06-17T08:58:07.000

Link: CVE-2025-24118

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T03:15:04Z

Weaknesses