CVE-2025-24112 — Allocation of Resources Without Limits or Throttling in Apple Macos

CWE-770 — Allocation of Resources Without Limits or Throttling5 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 92.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Macos Sequoia Apple Macos Sonoma

Timeline

PublishedJan 27

Latest updateJul 8

Description

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. Parsing a file may lead to an unexpected app termination.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶Appleapple/macos_sonoma14.7.3

▶Appleapple/macos_sequoia15.3

▶CVEListV5apple/macos< 15.3

▶NVDapple/macos15.0 — 15.3+1

🔴Vulnerability Details

GHSA

GHSA-86c2-r56g-p9g8: The issue was addressed with improved checks↗2025-01-28

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Defender for Endpoint (MDE) - Elevation of Privilege↗2025-07-08

▶

📋Vendor Advisories

Apple

CVE-2025-24112: macOS Sequoia 15.3↗2025-01-27

▶

Apple

CVE-2025-24112: macOS Sonoma 14.7.3↗2025-01-27

▶