Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2025-24085
PUBLISHEDA use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia...
- Vendor
- Apple
- Product
- iOS and iPadOS, iPadOS, macOS, tvOS, visionOS, watchOS
- Published
- Jan 27, 2025
- EPSS
- —
Description
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2025-01-29 00:00:00 UTC · Source
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- total
References
- https://support.apple.com/en-us/122066
- https://support.apple.com/en-us/122068
- https://support.apple.com/en-us/122071
- https://support.apple.com/en-us/122072
- https://support.apple.com/en-us/122073
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Jan 29, 2025 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nessus | https://www.tenable.com/plugins/nessus/233570 | Jun 02, 2025 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Nessus