Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6. Processing a maliciously crafted image may corrupt process memory.
AnalysisAI
Memory corruption in macOS Sequoia image processing allows remote attackers to achieve arbitrary code execution via maliciously crafted images requiring user interaction. Affects macOS Sequoia versions prior to 15.6, with CVSS 8.8 (High) severity due to potential for complete system compromise. EPSS data unavailable; no public exploit identified at time of analysis. Apple addressed the vulnerability through improved memory handling in macOS 15.6 (released June 2025). Attack requires victim to process a weaponized image file, making social engineering or malicious websites likely delivery vectors.
Technical ContextAI
This vulnerability affects Apple's image processing subsystem within macOS Sequoia (cpe:2.3:a:apple:macos). The flaw stems from improper memory handling when parsing image files, leading to process memory corruption. While no specific CWE classification is provided, the description indicates a memory safety issue likely related to buffer overflows, use-after-free, or similar memory management defects. Apple's image processing frameworks handle multiple file formats (JPEG, PNG, HEIF, etc.) and are invoked by system services, applications, and even preview/thumbnail generation. Memory corruption in image parsers is a historically significant attack surface, as image files are ubiquitous and often processed automatically by email clients, browsers, and file managers. The total technical impact rating in SSVC indicates successful exploitation could lead to arbitrary code execution with the privileges of the vulnerable process.
RemediationAI
Vendor-released patch: macOS Sequoia 15.6. Organizations should deploy macOS 15.6 immediately through standard software update mechanisms (System Settings > General > Software Update) or enterprise patch management tools (Jamf, Munki, Apple Business Manager). Apple's security update HT124149 (https://support.apple.com/en-us/124149) provides official remediation guidance. No workarounds are documented; patching is the only confirmed mitigation. For environments unable to patch immediately, interim risk reduction may include restricting image file sources, disabling automatic image preview/thumbnail generation, and implementing email attachment filtering to block suspicious image files, though these measures provide incomplete protection. Verification post-patch: confirm macOS version reads 15.6 or later via 'About This Mac'.
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209194
GHSA-p5fv-r355-w43j