CVE-2025-24211

Published Mar 31, 2025

Last updated 18 days ago

CVSS critical 9.8

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-24211 is a memory corruption vulnerability affecting Apple products, specifically related to processing video files. The vulnerability lies within the Video File Handler component of macOS, tvOS, iPadOS, and visionOS. The vulnerability is triggered when processing a maliciously crafted video file, which can lead to unexpected application termination or corruption of process memory. The issue is addressed through improved memory handling in the patched versions of the operating systems.

Description
This issue was addressed with improved memory handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted video file may lead to unexpected app termination or corrupt process memory.
Source
product-security@apple.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-400

Social media

Hype score
Not currently trending

  1. Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 💀 CVE ID : CVE-2025-24211

    @7h3h4ckv157

    1 Apr 2025

    1584 Impressions

    1 Retweet

    20 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  2. [ZDI-25-191|CVE-2025-24211] Apple macOS MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (CVSS 8.8; Credit: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative) https://t.co/K3yzgQqU4V

    @TheZDIBugs

    1 Apr 2025

    2366 Impressions

    3 Retweets

    6 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

Configurations

References