CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2025-24206: An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5,...
7.7
CVSS
Description
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.
Classification
CVE ID: CVE-2025-24206
CVSS Base Severity: HIGH
CVSS Base Score: 7.7
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Problem Types
An attacker on the local network may be able to bypass authentication policyAffected Products
Vendor: Apple
Product: tvOS, iOS and iPadOS, iPadOS, macOS, visionOS
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.03% (probability of being exploited)
EPSS Percentile: 5.51% (scored less or equal to compared to others)
EPSS Date: 2025-05-28 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: total
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2025-24206https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122378
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375