CVE-2025-24206
BaseFortify
Publication date: 2025-04-29
Last updated on: 2026-04-02
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ipados | to 17.7.6 (exc) |
| apple | ipados | From 18.0 (inc) to 18.4 (exc) |
| apple | iphone_os | to 18.4 (exc) |
| apple | macos | to 13.7.5 (exc) |
| apple | macos | From 14.0 (inc) to 14.7.5 (exc) |
| apple | macos | From 15.0 (inc) to 15.4 (exc) |
| apple | tvos | to 18.4 (exc) |
| apple | visionos | to 2.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an authentication bypass flaw caused by faulty state management. Essentially, the issue allowed an attacker on the local network to bypass the authentication policy, enabling unauthorized access. It has been addressed and fixed in multiple Apple operating systems including macOS, tvOS, iOS, iPadOS, and visionOS. [1]
How can this vulnerability impact me?
If you are using any of the affected Apple operating systems, an attacker on your local network could exploit this vulnerability to bypass authentication controls. This could potentially lead to unauthorized access or compromise of your system's security. [1]
What immediate steps should I take to mitigate this vulnerability?
Based on the provided information, you should upgrade your systems to one of the fixed versions released by Apple. For example, update to macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4, iPadOS 18.4, or visionOS 2.4. [1]