CVE-2025-24247 - Vulnerability Details

- macOS Type Confusion Vulnerability Allowing Unexpected Application Termination

Description

A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker may be able to cause unexpected app termination.

Published: 2025-03-31

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A type confusion flaw was discovered in macOS, leading to unexpected application termination when exploited, effectively denying service to the affected programs. The bug was remedied by adding stricter type checks, but until patched systems remain vulnerable. The weakness is identified as CWE-400, highlighting improper resource handling that can be triggered under specific conditions.

Affected Systems

Apple macOS is the sole vendor affected. Systems running macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, or macOS Ventura prior to 13.7.5 are susceptible. The vulnerability is mitigated in the stated patch releases and later versions.

Risk and Exploitability

The CVSS base score of 9.8 marks this flaw as critical, while the EPSS score of < 1% indicates a very low probability that it is currently being exploited, yet the impact remains severe. The vulnerability is not listed in the CISA KEV catalog, so there is no known active exploitation curve. Attack vectors are not disclosed in the description, so it may require local user interaction or privileged access; the exact vector is thus inferred as likely local or requiring application-level privilege.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Apple

macOS

affected

Version	Status	Constraints
`0`	affected	< 13.7.5
`0`	affected	< 14.7.5
`0`	affected	< 15.4

Configuration 1 [-]

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest macOS security update that includes the patch for CVE‑2025‑24247 (macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5 or later).
Restart the computer to ensure all system components and applications reload under the patched kernel.
Apply any additional updates for third‑party applications that may interact with the affected system components to avoid related crashes.

Generated by OpenCVE AI on April 28, 2026 at 19:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-8960	A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker may be able to cause unexpected app termination.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00145.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Apr/10
http://seclists.org/fulldisclosure/2025/Apr/8
http://seclists.org/fulldisclosure/2025/Apr/9
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375

History

Tue, 28 Apr 2026 19:30:00 +0000

Type	Values Removed	Values Added
Title		macOS Type Confusion Vulnerability Allowing Unexpected Application Termination

Thu, 02 Apr 2026 20:30:00 +0000

Type	Values Removed	Values Added
Description	A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker may be able to cause unexpected app termination.	A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker may be able to cause unexpected app termination.

Mon, 03 Nov 2025 22:30:00 +0000

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Apr/10 http://seclists.org/fulldisclosure/2025/Apr/8 http://seclists.org/fulldisclosure/2025/Apr/9

Mon, 07 Apr 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos
CPEs		cpe:2.3:o:apple:macos::::::::
Vendors & Products		Apple Apple macos

Tue, 01 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-400
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 31 Mar 2025 22:45:00 +0000

Type	Values Removed	Values Added
Description		A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker may be able to cause unexpected app termination.
References		https://support.apple.com/en-us/122373 https://support.apple.com/en-us/122374 https://support.apple.com/en-us/122375

Subscriptions

Apple Macos

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-03-31T22:23:00.495Z

Updated: 2026-04-02T18:13:46.214Z

Reserved: 2025-01-17T00:00:45.009Z

Link: CVE-2025-24247

Vulnrichment

Updated: 2025-11-03T21:10:50.924Z

NVD

Status : Modified

Published: 2025-03-31T23:15:21.917

Modified: 2026-04-02T19:19:26.623

Link: CVE-2025-24247

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:15:25Z

Weaknesses

CWE-400

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object