{"cve":{"cve_id":"CVE-2025-24085","is_kev":true,"kev_date_added":"2025-01-29","kev_vendor_project":"Apple","kev_product":"Multiple Products","kev_vulnerability_name":"Apple Multiple Products Use-After-Free Vulnerability","kev_short_description":"Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.","kev_required_action":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","kev_due_date":"2025-02-19","kev_known_ransomware":false,"kev_notes":"https://support.apple.com/en-us/122066 ; https://support.apple.com/en-us/122068 ; https://support.apple.com/en-us/122071 ; https://support.apple.com/en-us/122072 ; https://support.apple.com/en-us/122073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24085","kev_cwes":["CWE-416"],"epss_score":0.1972,"epss_percentile":0.97052,"epss_as_of":"2026-06-23","description":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3, watchOS 11.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.","published_at":"2025-01-27T21:45:46.555000Z","last_modified_at":null,"cvss_v3_score":10.0,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-416"],"nvd_references":["https://support.apple.com/en-us/122066","https://support.apple.com/en-us/122068","https://support.apple.com/en-us/122071","https://support.apple.com/en-us/122072","https://support.apple.com/en-us/122073","https://support.apple.com/en-us/122372","https://support.apple.com/en-us/122374","https://support.apple.com/en-us/122375"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-28T23:25:54.831587Z"},"effective_severity":"CRITICAL","badges":["kev"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"ios-and-ipados","product_name":"iOS and iPadOS","version_start":"0","version_start_inclusive":true,"version_end":"18.3","version_end_inclusive":false,"cpe23_uri":"cve5:apple:ios-and-ipados:0:18.3"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"ipados","product_name":"iPadOS","version_start":"0","version_start_inclusive":true,"version_end":"17.7.6","version_end_inclusive":false,"cpe23_uri":"cve5:apple:ipados:0:17.7.6"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"macos","product_name":"macOS","version_start":"0","version_start_inclusive":true,"version_end":"13.7.5","version_end_inclusive":false,"cpe23_uri":"cve5:apple:macos:0:13.7.5"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"macos","product_name":"macOS","version_start":"0","version_start_inclusive":true,"version_end":"14.7.5","version_end_inclusive":false,"cpe23_uri":"cve5:apple:macos:0:14.7.5"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"macos","product_name":"macOS","version_start":"0","version_start_inclusive":true,"version_end":"15.3","version_end_inclusive":false,"cpe23_uri":"cve5:apple:macos:0:15.3"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"tvos","product_name":"tvOS","version_start":"0","version_start_inclusive":true,"version_end":"18.3","version_end_inclusive":false,"cpe23_uri":"cve5:apple:tvos:0:18.3"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"visionos","product_name":"visionOS","version_start":"0","version_start_inclusive":true,"version_end":"2.3","version_end_inclusive":false,"cpe23_uri":"cve5:apple:visionos:0:2.3"},{"vendor_slug":"apple","vendor_name":"Apple","product_slug":"watchos","product_name":"watchOS","version_start":"0","version_start_inclusive":true,"version_end":"11.3","version_end_inclusive":false,"cpe23_uri":"cve5:apple:watchos:0:11.3"}],"exploit_refs":[],"news":[],"references":[{"url":"https://support.apple.com/en-us/122066","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/122068","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/122071","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/122072","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/122073","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/122372","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/122374","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"https://support.apple.com/en-us/122375","source_type":"VENDOR_ADVISORY","tags":["advisory"]}],"timeline":[{"type":"published","at":"2025-01-27T21:45:46.555000Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2025-01-29T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"cvss_changed","at":"2026-06-28T17:43:42.273974Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:43:42.273974Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:43:42.273974Z","label":"CVSS score revised","source":"cvelistv5"}]}