CVE-2025-24126

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-24126

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

n input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process memory.

References
Link Resource
https://support.apple.com/en-us/122066 Release Notes Vendor Advisory
https://support.apple.com/en-us/122068 Release Notes Vendor Advisory
https://support.apple.com/en-us/122071 Release Notes Vendor Advisory
https://support.apple.com/en-us/122072 Release Notes Vendor Advisory
https://support.apple.com/en-us/122073 Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Jan/12
http://seclists.org/fulldisclosure/2025/Jan/13
http://seclists.org/fulldisclosure/2025/Jan/15
http://seclists.org/fulldisclosure/2025/Jan/19
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
History

03 Nov 2025, 21:19

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2025/Jan/12 -
  • () http://seclists.org/fulldisclosure/2025/Jan/13 -
  • () http://seclists.org/fulldisclosure/2025/Jan/15 -
  • () http://seclists.org/fulldisclosure/2025/Jan/19 -

17 Mar 2025, 16:15

Type Values Removed Values Added
CPE cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
References () https://support.apple.com/en-us/122066 - () https://support.apple.com/en-us/122066 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122068 - () https://support.apple.com/en-us/122068 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122071 - () https://support.apple.com/en-us/122071 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122072 - () https://support.apple.com/en-us/122072 - Release Notes, Vendor Advisory
References () https://support.apple.com/en-us/122073 - () https://support.apple.com/en-us/122073 - Release Notes, Vendor Advisory
CWE NVD-CWE-noinfo
CWE-400
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.3
First Time Apple
Apple visionos
Apple macos
Apple tvos
Apple watchos
Apple iphone Os
Apple ipados

18 Feb 2025, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : unknown

28 Jan 2025, 15:15

Type Values Removed Values Added
Summary
  • (es) Se solucionó un problema de validación de entrada. Este problema se solucionó en visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3 y tvOS 18.3. Un atacante en la red local podría provocar la finalización inesperada de sistema o dañar la memoria del proceso.
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

27 Jan 2025, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-27 22:15

Updated : 2025-11-03 21:19

NVD link : CVE-2025-24126

Mitre link : CVE-2025-24126

CVE.ORG link : CVE-2025-24126

JSON object : View

Products Affected

apple

CWE
NVD-CWE-noinfo CWE-400

Uncontrolled Resource Consumption