Description
The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.
Published: 2025-01-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via App Crash
Action: Apply Patch
AI Analysis

Impact

A flaw in the file parsing subsystem can cause an unexpected termination of the application when it processes a specially crafted file. The result is a crash that leads to a denial of service for the user until the app or the device is restarted. The weakness is due to insufficient input validation during parsing.

Affected Systems

The vulnerability affects multiple Apple operating systems, including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The fixes are shipped in iOS 18.3 and later, iPadOS 18.3 or 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3. All preceding releases are considered vulnerable.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity for a denial‑of‑service loss. The EPSS score of < 1% implies a very low likelihood of wide‑scale exploitation in the near term. The vulnerability is not listed in the CISA KEV catalog. A likely exploitation vector would involve delivering a malicious file via mail, file sharing, or a website that triggers the parser; no special local privilege or authenticated access is required.

Generated by OpenCVE AI on April 28, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to a recent Apple OS version that includes the security update (iOS 18.3+, iPadOS 18.3 or 17.7.4, macOS Sequoia 15.3+, macOS Sonoma 14.7.3+, macOS Ventura 13.7.3+, tvOS 18.3+, visionOS 2.3+, watchOS 11.3+).
  • If an OS upgrade cannot be applied immediately, restrict or disable the file‑processing capabilities of applications until the patch is installed to prevent automatic processing of potentially malicious files.
  • Implement or strengthen network‑level and email‑attachment filtering so that malformed or suspicious files are quarantined or blocked before they reach the device.

Generated by OpenCVE AI on April 28, 2026 at 22:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3634 The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
History

Tue, 28 Apr 2026 23:15:00 +0000

Type Values Removed Values Added
Title Malformed File Parsing Causes Unexpected App Crash on Apple OS
Weaknesses CWE-20

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination. The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Tue, 18 Mar 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Apple watchos
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
Apple visionos
Apple watchos

Tue, 18 Mar 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

Tue, 18 Feb 2025 20:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 28 Jan 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-770
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 27 Jan 2025 22:00:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
References

Subscriptions

Apple Ipados Iphone Os Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:14:39.222Z

Reserved: 2025-01-17T00:00:44.971Z

Link: CVE-2025-24123

cve-icon Vulnrichment

Updated: 2025-11-03T21:02:34.010Z

cve-icon NVD

Status : Modified

Published: 2025-01-27T22:15:17.413

Modified: 2026-04-02T19:19:03.220

Link: CVE-2025-24123

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T23:00:13Z

Weaknesses