CVE-2025-24149

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. Parsing a file may lead to disclosure of user information.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122066	Release Notes Vendor Advisory
https://support.apple.com/en-us/122067	Release Notes Vendor Advisory
https://support.apple.com/en-us/122068	Release Notes Vendor Advisory
https://support.apple.com/en-us/122069	Release Notes Vendor Advisory
https://support.apple.com/en-us/122070	Release Notes Vendor Advisory
https://support.apple.com/en-us/122071	Release Notes Vendor Advisory
https://support.apple.com/en-us/122072	Release Notes Vendor Advisory
https://support.apple.com/en-us/122073	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Jan/13
http://seclists.org/fulldisclosure/2025/Jan/14
http://seclists.org/fulldisclosure/2025/Jan/15
http://seclists.org/fulldisclosure/2025/Jan/16
http://seclists.org/fulldisclosure/2025/Jan/17
http://seclists.org/fulldisclosure/2025/Jan/18
http://seclists.org/fulldisclosure/2025/Jan/19

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

03 Nov 2025, 21:19

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2025/Jan/13 - () http://seclists.org/fulldisclosure/2025/Jan/14 - () http://seclists.org/fulldisclosure/2025/Jan/15 - () http://seclists.org/fulldisclosure/2025/Jan/16 - () http://seclists.org/fulldisclosure/2025/Jan/17 - () http://seclists.org/fulldisclosure/2025/Jan/18 - () http://seclists.org/fulldisclosure/2025/Jan/19 -

03 Mar 2025, 22:45

Type	Values Removed	Values Added
CWE		CWE-125
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
First Time		Apple watchos Apple visionos Apple iphone Os Apple Apple tvos Apple macos Apple ipados
CPE		cpe:2.3:o:apple:tvos:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:macos::::::::
References	~~() https://support.apple.com/en-us/122066 -~~	() https://support.apple.com/en-us/122066 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122067 -~~	() https://support.apple.com/en-us/122067 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122068 -~~	() https://support.apple.com/en-us/122068 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122069 -~~	() https://support.apple.com/en-us/122069 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122070 -~~	() https://support.apple.com/en-us/122070 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122071 -~~	() https://support.apple.com/en-us/122071 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122072 -~~	() https://support.apple.com/en-us/122072 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122073 -~~	() https://support.apple.com/en-us/122073 - Release Notes, Vendor Advisory

18 Feb 2025, 20:15

Type	Values Removed	Values Added
CWE	~~CWE-922~~
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : unknown

28 Jan 2025, 16:15

Type	Values Removed	Values Added
CWE		CWE-922
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) Se solucionó un problema de lectura fuera de los límites con una comprobación de límites mejorada. Este problema se solucionó en iPadOS 17.7.4, macOS Ventura 13.7.3, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. El análisis de un archivo puede provocar la divulgación de información del usuario.

27 Jan 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-27 22:15

Updated : 2025-11-03 21:19

NVD link : CVE-2025-24149

Mitre link : CVE-2025-24149

CVE.ORG link : CVE-2025-24149

JSON object : View

Products Affected

apple

watchos
iphone_os
visionos
tvos
ipados
macos

CWE

CWE-125

Out-of-bounds Read

5.5 /10