CVE Database · CVE-2025-24085
CVSS v3.1
10.0
EPSS
19.72%
Published
Jan 27, 2025
Modified
Apr 3, 2026
CISA Known Exploited Vulnerability
Added: 2025-01-29 · Due: 2025-02-19
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Public PoC / Exploit (3)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (9)
References (20)