Description
This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An attacker may be able to cause unexpected app termination.
Published: 2025-01-27
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Application crash leading to denial of service
Action: Apply update
AI Analysis

Impact

This vulnerability arises from improper management of object lifetimes within macOS, allowing an attacker to cause unexpected termination of applications. The result is a denial of service through loss of application availability. The weakness is classified as CWE-772 (Missing Release of Resource after Effective Lifetime).

Affected Systems

The flaw affects Apple macOS versions that precede the security updates: macOS Sequoia prior to 15.3, macOS Sonoma prior to 14.7.3, and macOS Ventura prior to 13.7.3. macOS releases at or after these versions are considered hardened.

Risk and Exploitability

The CVSS score of 7.5 underscores its high severity, although the EPSS score of less than 1% suggests exploitation is currently unlikely. The vulnerability is not listed in CISA's KEV catalog. Because the advisory does not describe a concrete attack vector, it is inferred that exploitation may require local access or the presence of malicious software that can trigger the object lifetime misuse. The overall risk is moderate to high, primarily as a denial-of-service vector rather than remote code execution.

Generated by OpenCVE AI on April 28, 2026 at 03:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the macOS operating system to a version that includes the fix, such as macOS Sequoia 15.3, macOS Sonoma 14.7.3, or macOS Ventura 13.7.3 or later.
  • Monitor system logs for unexpected application terminations to detect potential exploitation attempts.
  • If an update cannot be applied immediately, restrict the execution of untrusted or proprietary applications that may trigger the bug until a patch is available.



Advisories
Source | ID | Title
EUVD | EUVD-2025-3631 | This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An attacker may be able to cause unexpected app termination.

History

Tue, 28 Apr 2026 04:15:00 +0000

Type | Values Removed | Values Added
Title | | Object Lifetime Mismanagement Causing Unexpected App Termination in macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type | Values Removed | Values Added
Description | This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An attacker may be able to cause unexpected app termination. | This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An attacker may be able to cause unexpected app termination.

Mon, 03 Nov 2025 21:30:00 +0000


Wed, 05 Feb 2025 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-772
Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 31 Jan 2025 15:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple, Apple macos
Weaknesses | | NVD-CWE-noinfo
CPEs | | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products | | Apple, Apple macos
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Mon, 27 Jan 2025 22:00:00 +0000

Type | Values Removed | Values Added
Description | | This issue was addressed by improved management of object lifetimes. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An attacker may be able to cause unexpected app termination.

References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:20:45.516Z

Reserved: 2025-01-17T00:00:44.971Z

Link: CVE-2025-24120

Vulnrichment

Updated: 2025-11-03T21:02:17.349Z

NVD

Status: Modified

Published: 2025-01-27T22:15:17.140

Modified: 2026-04-02T19:19:02.673

Link: CVE-2025-24120

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:00:05Z

Weaknesses