CVE-2025-24159 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
apple	CNA	---				---
CISA-ADP	ADP	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Vendor	Product	Version
apple	ipados	𝑥 < 17.7.4
apple	ipados	18.0 ≤ 𝑥 < 18.3
apple	iphone_os	𝑥 < 18.3
apple	macos	𝑥 < 14.7.3
apple	macos	15.0 ≤ 𝑥 < 15.3
apple	tvos	𝑥 < 18.3
apple	visionos	𝑥 < 2.3
apple	watchos	𝑥 < 11.3

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Vulnerability Media Exposure

[GERMAN] Apple macOS, iPadOS und iOS: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Apple macOS, Apple iPadOS und Apple iOS ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, beliebigen Code auszuführen, sensible Daten offenzulegen, Dateien zu manipulieren, erhöhte Rechte zu erlangen - einschließlich Root-Rechte, Sicherheitsmaßnahmen zu umgehen und einen Spoofing-Angriff zu starten.
Published: 2025-01-27T23:00:00+00:00

References

https://support.apple.com/en-us/122066

https://support.apple.com/en-us/122067

https://support.apple.com/en-us/122068

https://support.apple.com/en-us/122069

https://support.apple.com/en-us/122071

https://support.apple.com/en-us/122072

https://support.apple.com/en-us/122073