Description
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (System Crash)
Action: Immediate Patch
AI Analysis

Impact

An out‑of‑bounds read in macOS can cause an application to cause unexpected system termination, effectively crashing the operating system. The weakness is identified as CWE‑125 and indicates that improper bounds checking can lead to memory errors that destabilize the kernel. An attacker who controls or can influence an application that triggers the fault may be able to force the system to crash, leading to loss of availability for the affected user or organization.

Affected Systems

Apple macOS is affected, specifically all releases prior to the corrective updates: macOS Sequoia earlier than 15.4, Sonoma earlier than 14.7.5, and Ventura earlier than 13.7.5. The published fix addresses these versions and subsequent releases, but any older firmware remains vulnerable.

Risk and Exploitability

The CVSS score of 9.8 classifies the vulnerability as critical, and the EPSS score of less than 1% indicates a low probability of widespread exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, suggesting no known large‑scale exploitation yet. The likely attack vector is local or remote attackers who can run malicious or untrusted applications, as the flaw is triggered by an app causing an out‑of‑bounds read. Given the high severity, immediate patching is recommended to mitigate potential denial‑of‑service incidents.

Generated by OpenCVE AI on April 28, 2026 at 02:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to macOS Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5, which contain the fix for the out‑of‑bounds read.
  • For systems that cannot be immediately updated, restrict execution of third‑party applications that could trigger the fault; remove or re‑sign suspicious apps and enforce Gatekeeper restrictions.
  • Configure the system to automatically download and install macOS updates so that future patches for this and other vulnerabilities are applied promptly.

Generated by OpenCVE AI on April 28, 2026 at 02:47 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8945 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
History

Tue, 28 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Read Leading to Unintended System Termination in macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination. An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination.

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 01 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:19:50.095Z

Reserved: 2025-01-17T00:00:45.016Z

Link: CVE-2025-24265

cve-icon Vulnrichment

Updated: 2025-11-03T21:11:50.174Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:23.437

Modified: 2026-04-02T19:19:30.207

Link: CVE-2025-24265

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T03:00:10Z

Weaknesses