CVE-2025-24137
HIGHCVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
2Tags
Description
A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution.
Analysis
A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as Access of Resource Using Incompatible Type (Type Confusion) (CWE-843), which allows attackers to execute arbitrary code by exploiting type confusion in the application. A type confusion issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.4, macOS Sonoma 14.7.3, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected application termination or arbitrary code execution. Affected products include: Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos, Apple Visionos.
Affected Products
Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos, Apple Visionos.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Enforce strict type checking, use type-safe languages, validate object types before operations.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today