Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-24085
PUBLISHED
More InfoOfficial Page
Assigner-apple
Assigner Org ID-286789f9-fbc2-4510-9f9a-43facdede74c
View Known Exploited Vulnerability (KEV) details
Published At-27 Jan, 2025 | 21:45
Updated At-13 Nov, 2025 | 19:44
Rejected At-
▼CVE Numbering Authority (CNA)

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

Affected Products
Vendor
Apple Inc.Apple
Product
visionOS
Versions
Affected
  • From unspecified before 2.3 (custom)
Vendor
Apple Inc.Apple
Product
tvOS
Versions
Affected
  • From unspecified before 18.3 (custom)
Vendor
Apple Inc.Apple
Product
macOS
Versions
Affected
  • From unspecified before 15.3 (custom)
Vendor
Apple Inc.Apple
Product
watchOS
Versions
Affected
  • From unspecified before 11.3 (custom)
Vendor
Apple Inc.Apple
Product
iOS and iPadOS
Versions
Affected
  • From unspecified before 18.3 (custom)
Problem Types
TypeCWE IDDescription
N/AN/AA malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Type: N/A
CWE ID: N/A
Description: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.apple.com/en-us/122073
N/A
https://support.apple.com/en-us/122072
N/A
https://support.apple.com/en-us/122068
N/A
https://support.apple.com/en-us/122071
N/A
https://support.apple.com/en-us/122066
N/A
Hyperlink: https://support.apple.com/en-us/122073
Resource: N/A
Hyperlink: https://support.apple.com/en-us/122072
Resource: N/A
Hyperlink: https://support.apple.com/en-us/122068
Resource: N/A
Hyperlink: https://support.apple.com/en-us/122071
Resource: N/A
Hyperlink: https://support.apple.com/en-us/122066
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Type: CWE
CWE ID: CWE-416
Description: CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2025-01-29
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085
Resource:
government-resource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://seclists.org/fulldisclosure/2025/Oct/30
N/A
http://seclists.org/fulldisclosure/2025/Oct/31
N/A
http://seclists.org/fulldisclosure/2025/Oct/23
N/A
http://seclists.org/fulldisclosure/2025/Oct/1
N/A
http://seclists.org/fulldisclosure/2025/Jun/19
N/A
http://seclists.org/fulldisclosure/2025/Apr/10
N/A
http://seclists.org/fulldisclosure/2025/Apr/9
N/A
http://seclists.org/fulldisclosure/2025/Apr/5
N/A
http://seclists.org/fulldisclosure/2025/Jan/19
N/A
http://seclists.org/fulldisclosure/2025/Jan/15
N/A
http://seclists.org/fulldisclosure/2025/Jan/13
N/A
http://seclists.org/fulldisclosure/2025/Jan/12
N/A
https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201
N/A
https://github.com/cisagov/vulnrichment/issues/194
N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Oct/30
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Oct/31
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Oct/23
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Oct/1
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jun/19
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Apr/10
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Apr/9
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Apr/5
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jan/19
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jan/15
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jan/13
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2025/Jan/12
Resource: N/A
Hyperlink: https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201
Resource: N/A
Hyperlink: https://github.com/cisagov/vulnrichment/issues/194
Resource: N/A
Details not found