{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-24274", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-01-17T00:00:45.017Z", "datePublished": "2025-05-12T21:43:02.055Z", "dateUpdated": "2026-04-02T18:26:38.707Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A malicious app may be able to gain root privileges"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "13.7.6", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "14.7.6", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to gain root privileges."}], "references": [{"url": "https://support.apple.com/en-us/122716"}, {"url": "https://support.apple.com/en-us/122717"}, {"url": "https://support.apple.com/en-us/122718"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:26:38.707Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-13T14:34:02.747281Z", "id": "CVE-2025-24274", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T21:00:59.615Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/9"}, {"url": "http://seclists.org/fulldisclosure/2025/May/8"}, {"url": "http://seclists.org/fulldisclosure/2025/May/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:44:42.987Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-24274", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-13T14:34:02.747281Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T20:01:17.977Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.5", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.7", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122716"}, {"url": "https://support.apple.com/en-us/122717"}, {"url": "https://support.apple.com/en-us/122718"}], "descriptions": [{"lang": "en", "value": "An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A malicious app may be able to gain root privileges"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-05-12T21:43:02.055Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24274", "state": "PUBLISHED", "dateUpdated": "2025-05-13T21:00:59.615Z", "dateReserved": "2025-01-17T00:00:45.017Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-05-12T21:43:02.055Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "A90AA958-60F3-474C-B351-0F143B498B3E", "versionEndExcluding": "13.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EE6D3FD-8A49-48CF-80A3-0FFC6BA80B99", "versionEndExcluding": "14.7.6", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7416C76-07EC-4132-A509-E3F62B002CCA", "versionEndExcluding": "15.5", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An input validation issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to gain root privileges."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de validaci\u00f3n de entrada eliminando el c\u00f3digo vulnerable. Este problema est\u00e1 corregido en macOS Ventura 13.7.6, macOS Sequoia 15.5 y macOS Sonoma 14.7.6. Una aplicaci\u00f3n maliciosa podr\u00eda obtener privilegios de root."}], "id": "CVE-2025-24274", "lastModified": "2026-04-02T19:19:31.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-12T22:15:20.440", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122716"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122717"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122718"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/9"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T11:19:06.125098+00:00", "value": {"mitigation_remediation": ["Upgrade to macOS Sequoia 15.5, macOS Sonoma 14.7.6, or macOS Ventura 13.7.6 where the vulnerable code has been removed.", "If an immediate upgrade is not possible, enforce strict application control by enabling Gatekeeper and limiting execution of untrusted applications to reduce exposure to local malicious code.", "Continuously monitor the system for signs of privilege escalation, such as unexpected root-owned processes, and audit logs to detect anomalous behavior."], "summary": {"action": "Patch Now", "impact": "Privilege Escalation to root"}, "threat_synthesis": {"affected_systems": "Apple\u2019s macOS operating system is affected, specifically earlier releases of Sequoia, Sonoma, and Ventura. The issue has been resolved in macOS Sequoia 15.5, macOS Sonoma 14.7.6, and macOS Ventura 13.7.6; any earlier versions that have not received these updates remain vulnerable.", "description_and_impact": "The vulnerability is an input validation flaw in macOS where untrusted input handling was removed, allowing a malicious application to obtain root privileges. The weakness is classified as CWE\u201120 and is explicitly stated to be fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, and macOS Ventura 13.7.6.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity vulnerability. The EPSS score of less than 1% shows that exploitation is currently unlikely, and the vulnerability is not listed in CISA KEV. Based on the description, a local malicious application that supplies crafted input could trigger the flaw and elevate privileges, making the risk significant despite the low exploitation probability."}}}}, "created": "2026-04-28T11:30:29.830246+00:00", "title": "macOS Input Validation Vulnerability Enabling Root Privilege Escalation", "updated": "2026-04-28T11:30:29.830256+00:00", "vendors": []}