CVE-2025-24258Improper Privilege Management in Apple Macos

CWE-269Improper Privilege ManagementCWE-401Missing Release of Memory after Effective Lifetime6 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 84.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple MacosApple Macos SequoiaApple Macos Sonoma+4 more
Timeline
PublishedMay 12
Latest updateMay 13

Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to gain root privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages8 packages

Appleapple/macos_sonoma14.7.6
Appleapple/macos_ventura13.7.6
CVEListV5apple/macos< 14.7.6+1
NVDapple/macos14.014.7.6+2

🔴Vulnerability Details

1
GHSA
GHSA-xq63-2jcc-9gm3: A permissions issue was addressed with additional restrictions2025-05-13

📋Vendor Advisories

4
Apple
CVE-2025-24258: macOS Sonoma 14.7.62025-05-12
Apple
CVE-2025-24258: macOS Ventura 13.7.62025-05-12
Apple
CVE-2025-24258: macOS Sequoia 15.42025-03-31
Microsoft
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.2024-02-13
CVE-2025-24258 — Improper Privilege Management in Apple | cvebase