CVE-2025-24131

The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122066	Release Notes
https://support.apple.com/en-us/122068	Release Notes
https://support.apple.com/en-us/122071	Release Notes
https://support.apple.com/en-us/122072	Release Notes
https://support.apple.com/en-us/122073	Release Notes
http://seclists.org/fulldisclosure/2025/Jan/13
http://seclists.org/fulldisclosure/2025/Jan/15
http://seclists.org/fulldisclosure/2025/Jan/18
http://seclists.org/fulldisclosure/2025/Jan/19

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

03 Nov 2025, 21:19

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2025/Jan/13 - () http://seclists.org/fulldisclosure/2025/Jan/15 - () http://seclists.org/fulldisclosure/2025/Jan/18 - () http://seclists.org/fulldisclosure/2025/Jan/19 -

Information

Published : 2025-01-27 22:15

Updated : 2025-11-03 21:19

NVD link : CVE-2025-24131

Mitre link : CVE-2025-24131

CVE.ORG link : CVE-2025-24131

JSON object : View

Products Affected

apple

watchos
visionos
ipados
iphone_os
tvos
macos

CWE

NVD-CWE-noinfo CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2025-24131", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-01-27T22:15:18.070", "references": [{"url": "https://support.apple.com/en-us/122066", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/122068", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/122071", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/122072", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/122073", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "http://seclists.org/fulldisclosure/2025/Jan/13", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Jan/15", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Jan/18", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Jan/19", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position may be able to perform a denial-of-service."}, {"lang": "es", "value": "El problema se solucion\u00f3 mejorando la gesti\u00f3n de la memoria. Este problema se solucion\u00f3 en visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. Un atacante en una posici\u00f3n privilegiada podr\u00eda realizar una denegaci\u00f3n de servicio."}], "lastModified": "2025-11-03T21:19:24.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B7F80FC-EB0A-4B78-8CB7-18E5F162CD6A", "versionEndExcluding": "18.3"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71A94ACA-8143-475F-8A89-8020B86CE80B", "versionEndExcluding": "18.3"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38BA63B3-CC2C-4E63-AE2C-B8DB08B5E89B", "versionEndExcluding": "15.3"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60C0BA29-0969-4181-B6F1-4606986B18E4", "versionEndExcluding": "18.3"}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F91BF3D5-D8E5-437C-8301-C9F22AAFB8BD", "versionEndExcluding": "2.3"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A128237-004C-49D7-A559-5BBC38362361", "versionEndExcluding": "11.3"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}