CVE-2025-24251: Null Pointer Dereference
First published: Tue Apr 01 2025(Updated: )
AirDrop. A permissions issue was addressed with additional restrictions.
Credit: product-security@apple.com Ron Masas BREAKPOINTUri Katz (Oligo Security) Hossein Lotfi @hosselot Trend Micro Zero Day InitiativeDominik Rath Martin Kreichgauer Google ChromeYutong Xiu Denis Tokarev @illusionofcha0s Google Threat Analysis Group pattern-f @pattern_F_ Jonathan Bar Or @yo_yo_yo_jbo Microsoft an anonymous researcher CVE-2024-9681 Andr.Ess Kirin @Pwnrin LFY @secsys Fudan UniversityAnonymous Trend Micro Zero Day InitiativeWang Yu CyberservalMichael (Biscuit) Thomas - @social.lol @biscuit CVE-2024-48958 CVE-2025-27113 CVE-2024-56171 Alex Radocea SupernetworksDave G. Supernetworks风沐云烟 @binary_fmyy Minghao Lin @Y1nKoc Jimmy Mickey Jin @patch1t @RenwaX23 Syarif Muhammad Sajjad Bing Shi Alibaba GroupWenchao Li Alibaba GroupXiaolong Bai Alibaba GroupLuyi Xing Indiana University BloomingtonHalle Winkler Politepix theoffcuts.org Andrew James Gonzalez Bohdan Stasiuk @bohdan_stasiuk Apple Gary Kwong Paul Bakker ParagonERPGoogle V8 Security Team Francisco Alonso @revskills rheza @ginggilBesel
| Affected Software | Affected Version | How to fix |
|---|---|---|
| macOS | ||
| tvOS | ||
| macOS Ventura | ||
| Apple iOS, iPadOS, and macOS | >=17.7.6<=18.4 | |
| Apple macOS | ||
| Apple iOS and iPadOS | ||
| Apple iOS, iPadOS, and watchOS | ||
| visionOS | ||
| Apple iOS, iPadOS, and watchOS | <11.4 | 11.4 |
| <17.7.6 | ||
| >=18.0<18.4 | ||
| <18.4 | ||
| <13.7.5 | ||
| >=14.0<14.7.5 | ||
| >=15.0<15.4 | ||
| <18.4 | ||
| <2.4 | ||
| <11.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/122376 (Advisory)
- https://support.apple.com/en-us/122377
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122378
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2025-24097
- CVE-2025-24251
- CVE-2025-24244
- CVE-2025-24243
- CVE-2025-30430
- CVE-2025-24180
- CVE-2025-24237
- CVE-2025-30429
- CVE-2025-24212
- CVE-2025-24163
- CVE-2025-24230
- CVE-2025-24190
- CVE-2025-30454
- CVE-2025-31191
- CVE-2025-24182
- CVE-2025-31203
- CVE-2024-9681
- CVE-2025-30439
- CVE-2025-24283
- CVE-2025-30447
- CVE-2025-24210
- CVE-2025-24257
- CVE-2025-30432
- CVE-2024-48958
- CVE-2025-24194
- CVE-2025-27113
- CVE-2024-56171
- CVE-2025-24178
- CVE-2025-31182
- CVE-2025-24238
- CVE-2025-30470
- CVE-2025-30426
- CVE-2025-24173
- CVE-2025-24113
- CVE-2025-30467
- CVE-2025-24167
- CVE-2025-30471
- CVE-2025-30438
- CVE-2025-30433
- CVE-2025-31183
- CVE-2025-24217
- CVE-2025-24214
- CVE-2025-24201
- CVE-2025-24264
- CVE-2025-24216
- CVE-2025-24213
- CVE-2025-24209
- CVE-2025-30427
- CVE-2025-30425
Frequently Asked Questions
What is the severity of CVE-2025-24251?
CVE-2025-24251 is considered a critical severity vulnerability that could lead to unexpected app termination.
How do I fix CVE-2025-24251?
To fix CVE-2025-24251, update your device to the latest versions of macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4, watchOS 11.4, or visionOS 2.4.
What devices are affected by CVE-2025-24251?
CVE-2025-24251 affects devices running macOS Sequoia, tvOS, macOS Ventura, iPadOS, macOS Sonoma, iOS, watchOS, and visionOS.
What is the potential impact of CVE-2025-24251?
An attacker on the local network may exploit CVE-2025-24251 to cause an unexpected termination of applications.
When was CVE-2025-24251 fixed?
CVE-2025-24251 was fixed in the respective software updates released on the specified version dates for each affected platform.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/type
- agent/guess-ai
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/event
- collector/apple-support
- source/Apple
- alias/CVE-2025-24251
- alias/CVE-2025-24244
- alias/CVE-2025-24243
- alias/CVE-2025-30430
- alias/CVE-2025-24180
- alias/CVE-2025-24237
- alias/CVE-2025-30429
- alias/CVE-2025-24212
- alias/CVE-2025-24163
- alias/CVE-2025-24230
- alias/CVE-2025-24190
- alias/CVE-2025-30454
- alias/CVE-2025-31191
- alias/CVE-2025-24182
- alias/CVE-2025-31203
- alias/CVE-2024-9681
- alias/CVE-2025-30439
- alias/CVE-2025-24283
- alias/CVE-2025-30447
- alias/CVE-2025-24210
- alias/CVE-2025-24257
- alias/CVE-2025-30432
- alias/CVE-2024-48958
- alias/CVE-2025-24194
- alias/CVE-2025-27113
- alias/CVE-2024-56171
- alias/CVE-2025-24178
- alias/CVE-2025-31182
- alias/CVE-2025-24238
- alias/CVE-2025-30470
- alias/CVE-2025-30426
- alias/CVE-2025-24173
- alias/CVE-2025-24113
- alias/CVE-2025-30467
- alias/CVE-2025-24167
- alias/CVE-2025-30471
- alias/CVE-2025-30438
- alias/CVE-2025-30433
- alias/CVE-2025-31183
- alias/CVE-2025-24217
- alias/CVE-2025-24214
- alias/CVE-2025-24201
- alias/CVE-2025-24264
- alias/CVE-2025-24216
- alias/CVE-2025-24213
- alias/CVE-2025-24209
- alias/CVE-2025-30427
- alias/CVE-2025-30425
- agent/author
- agent/tags
- agent/source
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- vendor/apple
- canonical/macos
- canonical/tvos
- canonical/macos ventura
- canonical/apple ios, ipados, and macos
- canonical/apple macos
- canonical/apple ios and ipados
- canonical/apple ios, ipados, and watchos
- canonical/visionos
- version/apple ios, ipados, and macos/18.0
- canonical/iphone os
- version/macos/14.0
- version/macos/15.0