CVE-2025-24085

CRITICAL
2025-01-27 [email protected]
10.0
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
PoC Detected
Apr 03, 2026 - 11:44 vuln.today
Public exploit code
Added to CISA KEV
Apr 03, 2026 - 11:44 cisa
CISA KEV
Analysis Generated
Mar 28, 2026 - 18:05 vuln.today
CVE Published
Jan 27, 2025 - 22:15 nvd
CRITICAL 10.0

Tags

Memory Corruption Use After Free Apple Denial Of Service

Description

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

Analysis

Apple CoreMedia contains a use-after-free vulnerability allowing malicious applications to elevate privileges, exploited in the wild against iOS versions before iOS 17.2 as part of targeted surveillance operations.

Technical Context

The CWE-416 use-after-free in CoreMedia's memory management allows a malicious app to escalate privileges by accessing freed media processing objects. The vulnerability spans all Apple platforms using CoreMedia.

Affected Products

['Apple iOS before 18.3', 'Apple iPadOS before 18.3', 'Apple macOS Sequoia before 15.3', 'Apple visionOS before 2.3', 'Apple watchOS before 11.3', 'Apple tvOS before 18.3']

Remediation

Update all Apple devices to the latest OS versions. Enable Lockdown Mode for high-risk users. Deploy MDM policies enforcing minimum OS versions.

Priority Score

145
Low Medium High Critical
KEV: +50
EPSS: +25.2
CVSS: +50
POC: +20

Share

CVE-2025-24085 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy