CVE-2025-24211 - Vulnerability Details

This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00213.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Apple Subscribe	Ipados Subscribe Iphone Os Subscribe Macos Subscribe Tvos Subscribe Visionos Subscribe

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2025-8988	This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://seclists.org/fulldisclosure/2025/Apr/10
http://seclists.org/fulldisclosure/2025/Apr/11
http://seclists.org/fulldisclosure/2025/Apr/12
http://seclists.org/fulldisclosure/2025/Apr/4
http://seclists.org/fulldisclosure/2025/Apr/5
http://seclists.org/fulldisclosure/2025/Apr/8
http://seclists.org/fulldisclosure/2025/Apr/9
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375
https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122378

History

Tue, 04 Nov 2025 06:30:00 +0900

Type	Values Removed	Values Added
References		http://seclists.org/fulldisclosure/2025/Apr/10 http://seclists.org/fulldisclosure/2025/Apr/11 http://seclists.org/fulldisclosure/2025/Apr/12 http://seclists.org/fulldisclosure/2025/Apr/4 http://seclists.org/fulldisclosure/2025/Apr/5 http://seclists.org/fulldisclosure/2025/Apr/8 http://seclists.org/fulldisclosure/2025/Apr/9

Mon, 07 Apr 2025 23:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos Apple tvos Apple visionos
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:visionos::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos Apple tvos Apple visionos

Wed, 02 Apr 2025 06:15:00 +0900

Type	Values Removed	Values Added
Weaknesses		CWE-400
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 01 Apr 2025 07:45:00 +0900

Type	Values Removed	Values Added
Description		This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
References		https://support.apple.com/en-us/122371 https://support.apple.com/en-us/122372 https://support.apple.com/en-us/122373 https://support.apple.com/en-us/122374 https://support.apple.com/en-us/122375 https://support.apple.com/en-us/122377 https://support.apple.com/en-us/122378

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-03-31T22:23:15.300Z

Updated: 2025-11-03T21:08:23.455Z

Reserved: 2025-01-17T00:00:45.002Z

Link: CVE-2025-24211

Vulnrichment

Updated: 2025-04-01T20:51:28.407Z

NVD

Status : Modified

Published: 2025-03-31T23:15:19.087

Modified: 2025-11-03T21:19:34.643

Link: CVE-2025-24211

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-400

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object