Medium severity4.3NVD Advisory· Published Jan 27, 2025· Updated Apr 2, 2026

CVE-2025-24160

Description

The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, watchOS 11.3. Parsing a file may lead to an unexpected app termination.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Parsing a malicious file could cause unexpected app termination; Apple addressed the issue in multiple OS updates.

Vulnerability

Overview

CVE-2025-24160 is a logic or input validation issue in Apple's parsing of files that could lead to unexpected app termination. The official description states the issue was resolved with improved checks, and it is fixed in iOS 18.3, iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, tvOS 18.3, visionOS 2.3, and watchOS 11.3 [1][2][3][4].

Attack

Surface and Exploitation

The vulnerability can be triggered by processing a crafted file; no authentication is required for the parsing event, but the attacker would need to deliver the file to the target device. The related CVEs referenced in Apple's advisories (CVE-2025-24126, CVE-2025-24137, CVE-2025-24179) indicate that an attacker on the local network may also corrupt process memory or cause a denial-of-service, while this particular CVE focuses on app termination [1][3][4].

Impact

Successful exploitation results in an unexpected app termination, effectively a denial-of-service condition. This could disrupt user workflows, cause data loss if unsaved changes are present, and might be leveraged in a multi-step attack to destabilize the system.

Mitigation

Apple has released patches for all affected platforms as of January 27, 2025. Users should update to the latest OS versions listed above. No workarounds are documented; applying the updates is the recommended mitigation [1][2][3][4].

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados2 versions
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*range: <17.7.4
- (no CPE)range: = 18.3, = 17.7.4
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <18.3
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: <14.7.3
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <18.3
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <2.3
Apple Inc./watchOS
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Range: <11.3
Apple Inc./macOS Sequoiallm-fuzzy
Range: = 15.3
Apple Inc./iOSllm-fuzzy
Range: = 18.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/122066nvdRelease NotesVendor Advisory
support.apple.com/en-us/122067nvdRelease NotesVendor Advisory
support.apple.com/en-us/122068nvdRelease NotesVendor Advisory
support.apple.com/en-us/122069nvdRelease NotesVendor Advisory
support.apple.com/en-us/122071nvdRelease NotesVendor Advisory
support.apple.com/en-us/122072nvdRelease NotesVendor Advisory
support.apple.com/en-us/122073nvdRelease NotesVendor Advisory
seclists.org/fulldisclosure/2025/Jan/13nvd
seclists.org/fulldisclosure/2025/Jan/14nvd
seclists.org/fulldisclosure/2025/Jan/15nvd
seclists.org/fulldisclosure/2025/Jan/16nvd
seclists.org/fulldisclosure/2025/Jan/18nvd
seclists.org/fulldisclosure/2025/Jan/19nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000