CVE-2025-24157 - Vulnerability Details

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.

Published: 2025-03-31

Score: 5.6 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overflow in macOS leads to unexpected system termination or corrupt kernel memory. The vulnerability, a CWE-120 type buffer overflow, results from improper memory handling that allows malicious input to overwrite memory, potentially causing a crash or kernel corruption.

Affected Systems

The flaw affects Apple macOS versions prior to Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. Any system running earlier releases of these macOS editions is vulnerable.

Risk and Exploitability

The CVSS score of 5.6 indicates moderate severity. The EPSS score of less than 1% suggests a low likelihood of real‑world exploitation at this time, and the vulnerability is not listed in CISA KEV. Attackers would need to trigger the buffer overflow; however, the exact attack path is not detailed in the advisory. The likely attack vector is through a malicious application or exploit code that reaches the vulnerable code path, an inference based on the nature of the buffer overflow.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 13.7.5
`0`	affected	< 14.7.5
`0`	affected	< 15.4

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade macOS to the fixed version (Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5) or later.
Restart the system after the upgrade to apply the kernel changes.
Maintain regular backups and monitor system logs for any signs of kernel instability until the update is applied.

Generated by OpenCVE AI on April 28, 2026 at 19:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-9021	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00166.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Apr/10
http://seclists.org/fulldisclosure/2025/Apr/8
http://seclists.org/fulldisclosure/2025/Apr/9
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375

History

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Apr/10 http://seclists.org/fulldisclosure/2025/Apr/8 http://seclists.org/fulldisclosure/2025/Apr/9

Fri, 04 Apr 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos
CPEs		cpe:2.3:o:apple:macos::::::::
Vendors & Products		Apple Apple macos

Tue, 01 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-120
Metrics		cvssV3_1 `{'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 31 Mar 2025 22:45:00 +0000

Type	Values Removed	Values Added
Description		A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.
References		https://support.apple.com/en-us/122373 https://support.apple.com/en-us/122374 https://support.apple.com/en-us/122375

Subscriptions

Apple Macos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-03-31T22:23:43.576Z

Updated: 2026-04-02T18:21:38.935Z

Reserved: 2025-01-17T00:00:44.986Z

Link: CVE-2025-24157

Vulnrichment

Updated: 2025-11-03T21:04:37.774Z

NVD

Status : Modified

Published: 2025-03-31T23:15:16.397

Modified: 2026-04-02T19:19:09.173

Link: CVE-2025-24157

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:15:25Z

Weaknesses

CWE-120

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object