CVE-2025-24185: Input Validation
First published: Mon Mar 17 2025(Updated: )
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.3, macOS Sonoma 14.7.3. Parsing a maliciously crafted file may lead to an unexpected app termination.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS | <15.3 | |
| macOS Ventura | <13.7.3 | |
| Apple macOS | <14.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-24185?
CVE-2025-24185 has a high severity due to its potential to cause unexpected app termination.
How do I fix CVE-2025-24185?
To fix CVE-2025-24185, update your system to macOS Sequoia 15.3, macOS Ventura 13.7.3, or macOS Sonoma 14.7.3.
What types of devices are affected by CVE-2025-24185?
CVE-2025-24185 affects devices running macOS Sequoia, macOS Ventura, and macOS Sonoma prior to their respective fixed versions.
What type of vulnerability is CVE-2025-24185?
CVE-2025-24185 is categorized as an out-of-bounds write vulnerability.
What can happen if CVE-2025-24185 is exploited?
Exploitation of CVE-2025-24185 may lead to unexpected termination of applications when parsing a maliciously crafted file.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/apple
- canonical/macos
- canonical/macos ventura
- canonical/apple macos