CVE-2025-24131

EPSS 0.15%
Veröffentlicht 27.01.2025 22:15:18
Zuletzt bearbeitet 02.04.2026 19:19:04
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

The issue was addressed with improved memory handling. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may be able to cause a denial-of-service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

NVD 6 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPadOS Version < 18.3

Apple ≫ iPhone OS Version < 18.3

Apple ≫ macOS Version < 15.3

Apple ≫ tvOS Version < 18.3

Apple ≫ visionOS Version < 2.3

Apple ≫ watchOS Version < 11.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.352

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://support.apple.com/en-us/122066

Release Notes

https://support.apple.com/en-us/122068

Release Notes

https://support.apple.com/en-us/122072

Release Notes

https://support.apple.com/en-us/122073

Release Notes

https://support.apple.com/en-us/122374

https://support.apple.com/en-us/122375

https://support.apple.com/en-us/122372

http://seclists.org/fulldisclosure/2025/Jan/13