Vulnerability Description
An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Macos | >= 13.0, < 13.7.5 |
Related Weaknesses (CWE)
References
- https://support.apple.com/en-us/122373Vendor Advisory
- https://support.apple.com/en-us/122374Vendor Advisory
- https://support.apple.com/en-us/122375Vendor Advisory
- http://seclists.org/fulldisclosure/2025/Apr/10
- http://seclists.org/fulldisclosure/2025/Apr/8
- http://seclists.org/fulldisclosure/2025/Apr/9
FAQ
What is CVE-2025-24246?
CVE-2025-24246 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An injection issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access user-sensitive data.
How severe is CVE-2025-24246?
CVE-2025-24246 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-24246?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Macos.