CVE-2025-24085 - Vulnerability Details

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Jan. 29, 2025.

The EPSS score is 0.28136.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Apple Subscribe	Ipados Subscribe Iphone Os Subscribe Macos Subscribe Tvos Subscribe Visionos Subscribe Watchos Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Apr/10
http://seclists.org/fulldisclosure/2025/Apr/5
http://seclists.org/fulldisclosure/2025/Apr/9
http://seclists.org/fulldisclosure/2025/Jan/12
http://seclists.org/fulldisclosure/2025/Jan/13
http://seclists.org/fulldisclosure/2025/Jan/15
http://seclists.org/fulldisclosure/2025/Jan/19
http://seclists.org/fulldisclosure/2025/Jun/19
http://seclists.org/fulldisclosure/2025/Oct/1
http://seclists.org/fulldisclosure/2025/Oct/23
http://seclists.org/fulldisclosure/2025/Oct/30
http://seclists.org/fulldisclosure/2025/Oct/31
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201
https://github.com/cisagov/vulnrichment/issues/194
https://support.apple.com/en-us/122066
https://support.apple.com/en-us/122068
https://support.apple.com/en-us/122071
https://support.apple.com/en-us/122072
https://support.apple.com/en-us/122073
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085

History

Fri, 14 Nov 2025 05:30:00 +0900

Type	Values Removed	Values Added
References		https://github.com/cisagov/vulnrichment/issues/194

Thu, 13 Nov 2025 00:15:00 +0900

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 12 Nov 2025 00:30:00 +0900

Type	Values Removed	Values Added
References		https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201

Tue, 04 Nov 2025 06:30:00 +0900

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Apr/10 http://seclists.org/fulldisclosure/2025/Apr/5 http://seclists.org/fulldisclosure/2025/Apr/9 http://seclists.org/fulldisclosure/2025/Jan/12 http://seclists.org/fulldisclosure/2025/Jan/13 http://seclists.org/fulldisclosure/2025/Jan/15 http://seclists.org/fulldisclosure/2025/Jan/19

Tue, 04 Nov 2025 05:30:00 +0900

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Jun/19

Tue, 04 Nov 2025 04:30:00 +0900

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Oct/1

Tue, 04 Nov 2025 03:30:00 +0900

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Oct/23 http://seclists.org/fulldisclosure/2025/Oct/31

Thu, 30 Oct 2025 12:30:00 +0900

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Oct/30

Wed, 22 Oct 2025 08:15:00 +0900

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085

Wed, 22 Oct 2025 05:30:00 +0900

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085

Wed, 22 Oct 2025 04:30:00 +0900

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085

Wed, 16 Jul 2025 22:45:00 +0900

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0986}`	epss `{'score': 0.12384}`

Fri, 11 Jul 2025 22:45:00 +0900

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.09213}`	epss `{'score': 0.0986}`

Wed, 19 Feb 2025 05:15:00 +0900

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}`	kev `{'dateAdded': '2025-01-29'}` cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Thu, 30 Jan 2025 02:15:00 +0900

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos Apple tvos Apple visionos Apple watchos
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:watchos::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos Apple tvos Apple visionos Apple watchos

Thu, 30 Jan 2025 00:45:00 +0900

Type	Values Removed	Values Added
Weaknesses	CWE-276

Thu, 30 Jan 2025 00:15:00 +0900

Type	Values Removed	Values Added
Weaknesses		CWE-416
Metrics	cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`	cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 29 Jan 2025 01:15:00 +0900

Type	Values Removed	Values Added
Weaknesses		CWE-276
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 28 Jan 2025 07:00:00 +0900

Type	Values Removed	Values Added
Description		A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
References		https://support.apple.com/en-us/122066 https://support.apple.com/en-us/122068 https://support.apple.com/en-us/122071 https://support.apple.com/en-us/122072 https://support.apple.com/en-us/122073

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-01-27T21:45:46.555Z

Updated: 2025-11-13T19:44:48.417Z

Reserved: 2025-01-17T00:00:44.965Z

Link: CVE-2025-24085

Vulnrichment

Updated: 2025-11-11T15:07:42.394Z

NVD

Status : Analyzed

Published: 2025-01-27T22:15:14.990

Modified: 2025-11-14T13:52:51.027

Link: CVE-2025-24085

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-416

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object