Description
The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.
Published: 2025-01-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Application Denial of Service (crash)
Action: Update System
AI Analysis

Impact

Improper handling of a specially crafted file while parsing can cause an unexpected termination of the application, resulting in a denial of service that may affect user experience and data continuity. The vulnerability is described as an improper resource shutdown or release flaw, reflected by CWE‑404. The CVSS score of 4.3 indicates moderate severity, primarily impacting availability and stability of the application but not exposing sensitive data directly.

Affected Systems

Apple’s operating systems—including iOS, iPadOS, macOS, tvOS, visionOS, and watchOS—are affected. The issue was fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3. Users of earlier releases should check for and install these updates.

Risk and Exploitability

The EPSS score of < 1% indicates that exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog, further reducing the chance of widespread exploitation. However, the attack vector is inferred to be local: an attacker would need access to deliver a malicious file to the target user. Once the file is processed, the application crashes, potentially affecting usability and causing a denial of service for legitimate users.

Generated by OpenCVE AI on April 28, 2026 at 03:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest OS updates for iOS, iPadOS, macOS, tvOS, visionOS, and watchOS to reach the patched versions specified above.
  • If immediate updating is infeasible, restrict the processing of untrusted or unknown file types in affected applications, or disable the feature that triggers the parsing routine until a patch is deployed.
  • Monitor system logs for crashes related to file parsing and notify users of known malicious files or upstream threats.

Advisories
Source: EUVD
ID: EUVD-2025-3662
Title: The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

History

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.
Values Added: The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

Mon, 03 Nov 2025 21:30:00 +0000


Mon, 24 Mar 2025 15:30:00 +0000

Type: First Time appeared
Values Added:
  • Apple
  • Apple ipados
  • Apple iphone Os
  • Apple macos
  • Apple tvos
  • Apple visionos
  • Apple watchos

Type: CPEs
Values Added:
  • cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added:
  • Apple
  • Apple ipados
  • Apple iphone Os
  • Apple macos
  • Apple tvos
  • Apple visionos
  • Apple watchos

Tue, 28 Jan 2025 15:15:00 +0000

Type: Weaknesses
Values Added: CWE-404

Type: Metrics
Values Added:
  • cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}
  • ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 27 Jan 2025 22:00:00 +0000

Type: Description
Values Added: The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to an unexpected app termination.

References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:19:04.791Z

Reserved: 2025-01-17T00:00:44.987Z

Link: CVE-2025-24160

Vulnrichment

Updated: 2025-11-03T21:05:01.306Z

NVD

Status: Modified

Published: 2025-01-27T22:15:19.987

Modified: 2026-04-02T19:19:09.793

Link: CVE-2025-24160

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:00:05Z

Weaknesses