CVE-2025-24153: Buffer Overflow
First published: Mon Jan 27 2025(Updated: )
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app with root privileges may be able to execute arbitrary code with kernel privileges.
Credit: product-security@apple.com Pedro Tôrres @t0rr3sp3dr0 Josh Parnham @joshparnham 神罚 @Pwnrin @RenwaX23 Michael DePlante @izobashi Trend Micro Zero Day InitiativeZhongquan Li @Guluisacat an anonymous researcher Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeRodolphe BRUNETTI @eisw0lf Lupus NovaYann GASCUEL Alter SolutionsArsenii Kostromin (0x3c3e) Kirin @Pwnrin Adam M. Q1IQ @q1iqF NUS CuriOSityP1umer @p1umer Imperial Global Singaporelinjy HKUS3Labchluo WHUSecLabJohan Carlsson (joaxcar) PixiePoint Security Minghao Lin @Y1nKoc Zhejiang Universitybabywu Zhejiang University Zhejiang UniversityXingwei Lin Zhejiang UniversityWang Yu CyberservalGoogle Threat Analysis Group Desmond Trend Micro Zero Day InitiativePwn2car & Rotiple (HyeongSeok Jang) Trend Micro Zero Day InitiativeCVE-2025-24085 Matej Moravec @MacejkoMoravec Joshua Jones DongJun Kim @smlijun JongSeong Kim in Enki WhiteHat @nevul37 D4m0n Joseph Ravichandran @0xjprx MIT CSAILpattern-f @pattern_F_ Michael (Biscuit) Thomas @social.lol) @biscuit 云散 Mickey Jin @patch1t Bohdan Stasiuk @Bohdan_Stasiuk Uri Katz (Oligo Security)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | <15.3 | |
| macOS | <15.3 | |
| macOS | <15.3 | 15.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/122068 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2025-24126
- CVE-2025-24129
- CVE-2025-24131
- CVE-2025-24177
- CVE-2025-24137
- CVE-2025-24087
- CVE-2025-24112
- CVE-2025-24100
- CVE-2025-24109
- CVE-2025-24114
- CVE-2025-24121
- CVE-2025-24122
- CVE-2025-24127
- CVE-2025-24106
- CVE-2025-24160
- CVE-2025-24161
- CVE-2025-24163
- CVE-2025-24123
- CVE-2025-24124
- CVE-2025-24085
- CVE-2025-24102
- CVE-2025-24134
- CVE-2025-24140
- CVE-2025-24174
- CVE-2025-24086
- CVE-2025-24118
- CVE-2025-24107
- CVE-2025-24159
- CVE-2025-24094
- CVE-2025-24115
- CVE-2025-24116
- CVE-2025-24117
- CVE-2025-24136
- CVE-2025-24101
- CVE-2025-24096
- CVE-2025-24099
- CVE-2025-24130
- CVE-2025-24169
- CVE-2025-24146
- CVE-2025-24128
- CVE-2025-24113
- CVE-2025-24149
- CVE-2025-24103
- CVE-2025-24108
- CVE-2025-24139
- CVE-2025-24151
- CVE-2025-24152
- CVE-2025-24153
- CVE-2025-24138
- CVE-2025-24176
- CVE-2025-24135
- CVE-2025-24145
- CVE-2025-24092
- CVE-2025-24154
- CVE-2025-24143
- CVE-2025-24158
- CVE-2025-24162
- CVE-2025-24150
- CVE-2025-24120
- CVE-2025-24156
Frequently Asked Questions
What is the severity of CVE-2025-24153?
CVE-2025-24153 is classified as a high-severity vulnerability due to its potential to allow arbitrary code execution with kernel privileges.
How do I fix CVE-2025-24153?
To fix CVE-2025-24153, update to macOS Sequoia version 15.3 or later.
What types of issues does CVE-2025-24153 address?
CVE-2025-24153 addresses a buffer overflow issue and a null pointer dereference in Apple's AirPlay.
Which software is affected by CVE-2025-24153?
CVE-2025-24153 affects Apple macOS Sequoia versions up to and including 15.3.
Can CVE-2025-24153 lead to security risks?
Yes, CVE-2025-24153 can lead to significant security risks as it may allow applications with root privileges to execute arbitrary code.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/type
- agent/source
- agent/first-publish-date
- agent/description
- agent/severity
- agent/weakness
- agent/event
- agent/author
- agent/tags
- agent/last-modified-date
- agent/epss
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/guess-ai
- collector/apple-support
- source/Apple
- alias/CVE-2025-24169
- alias/CVE-2025-24146
- alias/CVE-2025-24128
- alias/CVE-2025-24113
- alias/CVE-2025-24149
- alias/CVE-2025-24103
- alias/CVE-2025-24108
- alias/CVE-2025-24139
- alias/CVE-2025-24151
- alias/CVE-2025-24152
- alias/CVE-2025-24153
- alias/CVE-2025-24138
- alias/CVE-2025-24107
- alias/CVE-2025-24176
- alias/CVE-2025-24135
- alias/CVE-2025-24145
- alias/CVE-2025-24092
- alias/CVE-2025-24154
- alias/CVE-2025-24143
- alias/CVE-2025-24158
- alias/CVE-2025-24162
- alias/CVE-2025-24150
- alias/CVE-2025-24120
- alias/CVE-2025-24156
- alias/CVE-2025-24100
- alias/CVE-2025-24109
- alias/CVE-2025-24114
- alias/CVE-2025-24121
- alias/CVE-2025-24122
- alias/CVE-2025-24127
- alias/CVE-2025-24106
- alias/CVE-2025-24160
- alias/CVE-2025-24161
- alias/CVE-2025-24163
- alias/CVE-2025-24123
- alias/CVE-2025-24124
- alias/CVE-2025-24085
- alias/CVE-2025-24102
- alias/CVE-2025-24134
- alias/CVE-2025-24140
- alias/CVE-2025-24174
- alias/CVE-2025-24086
- alias/CVE-2025-24118
- alias/CVE-2025-24159
- alias/CVE-2025-24094
- alias/CVE-2025-24115
- alias/CVE-2025-24116
- alias/CVE-2025-24117
- alias/CVE-2025-24136
- alias/CVE-2025-24101
- alias/CVE-2025-24096
- alias/CVE-2025-24099
- alias/CVE-2025-24130
- alias/CVE-2025-24131
- alias/CVE-2025-24177
- alias/CVE-2025-24137
- alias/CVE-2025-24087
- alias/CVE-2025-24112
- alias/CVE-2025-24129
- collector/epss-latest
- source/FIRST
- agent/softwarecombine
- vendor/apple
- canonical/apple ios and macos
- canonical/macos