PT-2025-13951 · Apple · Apple Macos

Published 2025-03-31 · Updated 2025-11-14 · CVE-2025-24277

CVSS v3.1: 7.8
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
macOS versions prior to Ventura 13.7.5
macOS versions prior to Sequoia 15.4
macOS versions prior to Sonoma 14.7.5

Description
An issue was identified in the handling of directory paths, specifically a parsing problem. This was addressed through improved path validation. Exploitation of this issue could allow an application to gain root privileges and achieve a sandbox escape. The vulnerability was discussed in relation to a local privilege escalation (LPE) affecting the crash reporting process.

Recommendations
Update to macOS Ventura version 13.7.5 or later.
Update to macOS Sequoia version 15.4 or later.
Update to macOS Sonoma version 14.7.5 or later.

Fix

LPE

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2025-24277

Affected Products

Apple Macos