Medium severity5.5NVD Advisory· Published May 12, 2025· Updated Apr 2, 2026

CVE-2025-24144

Description

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, watchOS 11.3. An app may be able to leak sensitive kernel state.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An app may leak sensitive kernel state due to an information disclosure bug, patched in multiple Apple OS updates.

Vulnerability

Overview CVE-2025-24144 is an information disclosure vulnerability in Apple's kernel. The issue stems from a flaw that allows a malicious app to leak sensitive kernel state. Apple addressed the vulnerability by removing the vulnerable code.

Exploitation

The attack surface is local; an attacker would need to have an app installed on the device. No special privileges are required beyond the standard sandboxed app environment. The app can potentially access kernel memory information that should be protected.

Impact

Successful exploitation could lead to the leakage of sensitive kernel state, which may include memory layout information or other critical system data. This could aid in further attacks or expose system internals.

Mitigation

Apple has released patches in iOS 18.3, iPadOS 18.3, iPadOS 17.7.7, macOS Sequoia 15.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, tvOS 18.3, visionOS 2.3, and watchOS 11.3 [1][2][3][4]. Users are urged to update to the latest versions.

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <17.7.7
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <18.3
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: <13.7.6
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <18.3
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <2.3
Apple Inc./watchOS
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Range: <11.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/122066nvdRelease NotesVendor Advisory
support.apple.com/en-us/122068nvdRelease NotesVendor Advisory
support.apple.com/en-us/122071nvdRelease NotesVendor Advisory
support.apple.com/en-us/122072nvdRelease NotesVendor Advisory
support.apple.com/en-us/122073nvdRelease NotesVendor Advisory
support.apple.com/en-us/122405nvdRelease NotesVendor Advisory
support.apple.com/en-us/122717nvdRelease NotesVendor Advisory
support.apple.com/en-us/122718nvdRelease NotesVendor Advisory
seclists.org/fulldisclosure/2025/May/6nvd
seclists.org/fulldisclosure/2025/May/8nvd
seclists.org/fulldisclosure/2025/May/9nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000