CVE-2025-24085 — CRITICAL (10.0)

Q: How severe is CVE-2025-24085?

CVE-2025-24085 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-24085?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos, Apple Visionos.

Vulnerability Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apple	Ipados	< 17.7.6
Apple	Iphone Os	< 18.3
Apple	Macos	>= 13.0, < 13.7.5
Apple	Tvos	< 18.3
Apple	Visionos	< 2.3
Apple	Watchos	< 11.3

Related Weaknesses (CWE)

CWE-416

References

https://support.apple.com/en-us/122066Release NotesVendor Advisory
https://support.apple.com/en-us/122068Release NotesVendor Advisory
https://support.apple.com/en-us/122071Release NotesVendor Advisory
https://support.apple.com/en-us/122072Release NotesVendor Advisory
https://support.apple.com/en-us/122073Release NotesVendor Advisory
https://support.apple.com/en-us/122372Release NotesVendor Advisory
https://support.apple.com/en-us/122374Release NotesVendor Advisory
https://support.apple.com/en-us/122375Release NotesVendor Advisory
http://seclists.org/fulldisclosure/2025/Apr/10Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Apr/5Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Apr/9Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Jan/12Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Jan/13Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Jan/15Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2025/Jan/19Mailing ListThird Party Advisory

FAQ

What is CVE-2025-24085?

CVE-2025-24085 is a vulnerability with a CVSS score of 10.0 (CRITICAL). A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvO...

How severe is CVE-2025-24085?

CVE-2025-24085 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-24085?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos, Apple Visionos.