CVE-2025-24182 - Vulnerability Details

- Out‑of‑Bounds Read in Font Processing Allows Process Memory Disclosure

Description

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted font may result in the disclosure of process memory.

Published: 2025-03-31

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An attacker can trigger an out‑of‑bounds read by supplying a malicious font, leading to the disclosure of process memory. The flaw is a classic input validation bug identified as CWE‑125. Because the data read is from memory, confidentiality is compromised while integrity is not directly affected.

Affected Systems

Apple’s iOS, iPadOS, macOS, tvOS, visionOS and watchOS are affected. The vulnerability is fixed in iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4 and watchOS 11.4.

Risk and Exploitability

The CVSS score is 5.5, indicating moderate risk, and the EPSS score of less than 1% suggests exploitation is unlikely at present. The vulnerability is not listed in CISA’s KEV catalog. Attackers must deliver a crafted font that the operating system processes, which is most likely a local attack or one that requires a user to install an application containing the malicious font. The exploit path therefore requires local interaction or a privileged application that can load the font, and there is no publicly known remote exploitation method.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

iOS and iPadOS

affected

Version	Status	Constraints
`0`	affected	< 18.4

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 15.4

Apple

tvOS

affected

Version	Status	Constraints
`0`	affected	< 18.4

Apple

visionOS

affected

Version	Status	Constraints
`0`	affected	< 2.4

Apple

watchOS

affected

Version	Status	Constraints
`0`	affected	< 11.4

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:visionos::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest system update that includes iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, or watchOS 11.4.
If an immediate update is not possible, prevent the installation or use of untrusted fonts by configuring device management or local security settings.
Enable or enforce strict font validation policies through mobile device management to avoid processing maliciously crafted fonts.

Generated by OpenCVE AI on April 28, 2026 at 02:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-9003	An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing a maliciously crafted font may result in the disclosure of process memory.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.001.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Apr/11
http://seclists.org/fulldisclosure/2025/Apr/12
http://seclists.org/fulldisclosure/2025/Apr/13
http://seclists.org/fulldisclosure/2025/Apr/4
http://seclists.org/fulldisclosure/2025/Apr/8
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122376
https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122378

History

Tue, 28 Apr 2026 03:00:00 +0000

Type	Values Removed	Values Added
Title		Out‑of‑Bounds Read in Font Processing Allows Process Memory Disclosure

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing a maliciously crafted font may result in the disclosure of process memory.	An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted font may result in the disclosure of process memory.
References		https://support.apple.com/en-us/122376

Mon, 03 Nov 2025 21:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Apr/11 http://seclists.org/fulldisclosure/2025/Apr/12 http://seclists.org/fulldisclosure/2025/Apr/4 http://seclists.org/fulldisclosure/2025/Apr/8

Mon, 03 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Apr/13

Mon, 07 Apr 2025 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos Apple visionos
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:visionos::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos Apple visionos

Tue, 01 Apr 2025 20:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 31 Mar 2025 22:45:00 +0000

Type	Values Removed	Values Added
Description		An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. Processing a maliciously crafted font may result in the disclosure of process memory.
References		https://support.apple.com/en-us/122371 https://support.apple.com/en-us/122373 https://support.apple.com/en-us/122377 https://support.apple.com/en-us/122378

Subscriptions

Apple Ipados Iphone Os Macos Visionos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-03-31T22:23:50.082Z

Updated: 2026-04-02T18:22:28.730Z

Reserved: 2025-01-17T00:00:44.993Z

Link: CVE-2025-24182

Vulnrichment

Updated: 2025-11-03T21:06:48.641Z

NVD

Status : Modified

Published: 2025-03-31T23:15:17.277

Modified: 2026-04-02T19:19:14.660

Link: CVE-2025-24182

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T02:45:11Z

Weaknesses

CWE-125

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object