Description
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker in a privileged position may be able to perform a denial-of-service.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

A memory handling flaw was identified that can cause the system to become unresponsive. The vulnerability, designated CWE-400, allows an attacker with elevated privileges to trigger a denial‑of‑service condition by making the operating system exhaust or mismanage its memory resources. When successfully exploited, the affected macOS instance can no longer process legitimate user requests, resulting in availability loss for both local and potentially network‑connected services.

Affected Systems

Apple macOS is affected. Any installation before macOS Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5 is vulnerable. The flaw is fixed only in the listed patch versions or later; earlier releases remain at risk and should be upgraded as soon as possible.

Risk and Exploitability

The CVSS score of 9.8 indicates a high‑severity flaw with full exploitation potential. The EPSS score of less than 1% suggests that, at present, the probability of exploitation is low, but this does not eliminate the risk. The vulnerability is not currently listed in CISA’s KEV catalog, which means no known public exploits have been documented yet. Attackers would need a privileged position on the target system to trigger the memory exhaustion or mismanagement that leads to the denial‑of‑service. The impact is limited to availability and does not appear to affect confidentiality or integrity.

Generated by OpenCVE AI on April 28, 2026 at 03:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest macOS update—Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5—to fix the memory handling flaw.
  • Restart the system after the update to ensure all components load the patched code paths.
  • Check Apple’s support articles (122373, 122374, 122375) for additional guidance or firmware updates that may further reduce the risk.

Generated by OpenCVE AI on April 28, 2026 at 03:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8954 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker in a privileged position may be able to perform a denial-of-service.
History

Tue, 28 Apr 2026 03:30:00 +0000

Type Values Removed Values Added
Title Privileged DoS via Improper Memory Handling in macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker in a privileged position may be able to perform a denial-of-service. The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker in a privileged position may be able to perform a denial-of-service.

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 07 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 01 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-400
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker in a privileged position may be able to perform a denial-of-service.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:11:59.288Z

Reserved: 2025-01-17T00:00:45.015Z

Link: CVE-2025-24260

cve-icon Vulnrichment

Updated: 2025-11-03T21:11:30.599Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:22.960

Modified: 2026-04-02T19:19:29.303

Link: CVE-2025-24260

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T03:15:05Z

Weaknesses