CINXE.COM

NVD - Home

<!DOCTYPE html> <html lang="en"> <head> <title>NVD - Home</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <meta http-equiv="content-style-type" content="text/css" /> <meta http-equiv="content-script-type" content="text/javascript" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link href="/site-scripts/font-awesome/css/font-awesome.min.css" type="text/css" rel="stylesheet" /> <link href="/site-media/bootstrap/css/bootstrap.min.css" type="text/css" rel="stylesheet" /> <link href="/site-media/bootstrap/css/bootstrap-theme.min.css" type="text/css" rel="stylesheet" /> <link href="/site-scripts/eonasdan-bootstrap-datetimepicker/build/css/bootstrap-datetimepicker.min.css" type="text/css" rel="stylesheet" /> <link href="/site-media/css/nist-fonts.css" type="text/css" rel="stylesheet" /> <link href="/site-media/css/base-style.css" type="text/css" rel="stylesheet" /> <link href="/site-media/css/media-resize.css" type="text/css" rel="stylesheet" /> <meta name="theme-color" content="#000000"> <script src="/site-scripts/jquery/dist/jquery.min.js" type="text/javascript"></script> <script src="/site-scripts/jquery-visible/jquery.visible.min.js" type="text/javascript"></script> <script src="/site-scripts/underscore/underscore-min.js" type="text/javascript"></script> <script src="/site-media/bootstrap/js/bootstrap.js" type="text/javascript"></script> <script src="/site-scripts/moment/min/moment.min.js" type="text/javascript"></script> <script src="/site-scripts/eonasdan-bootstrap-datetimepicker/build/js/bootstrap-datetimepicker.min.js" type="text/javascript"></script> <script src="/site-media/js/megamenu.js" type="text/javascript"></script> <script src="/site-media/js/nist-exit-script.js" type="text/javascript"></script> <script src="/site-media/js/forms.js" type="text/javascript"></script> <script src="/site-media/js/federated-analytics.all.min.js?agency=NIST&amp;subagency=nvd&amp;pua=UA-37115410-41&amp;yt=true" type="text/javascript" id="_fed_an_js_tag"></script> <!-- Google tag (gtag.js) --> <script async src="https://www.googletagmanager.com/gtag/js?id=G-4KKFZP12LQ"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'G-4KKFZP12LQ'); </script> <style id="antiClickjack"> body>* { display: none !important; } #antiClickjack { display: block !important; } </style> <noscript> <style id="antiClickjackNoScript"> body>* { display: block !important; } #antiClickjack { display: none !important; } </style> </noscript> <script type="text/javascript" id="antiClickjackScript"> if (self === top) { // no clickjacking var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { setTimeout(tryForward(), 5000); } function tryForward() { top.location = self.location; } </script> <meta charset="UTF-8"> <link href="/site-media/css/nvd-style.css" type="text/css" rel="stylesheet" /> <link href="/site-media/images/favicons/apple-touch-icon.png" rel="apple-touch-icon" type="image/png" sizes="180x180" /> <link href="/site-media/images/favicons/favicon-32x32.png" rel="icon" type="image/png" sizes="32x32" /> <link href="/site-media/images/favicons/favicon-16x16.png" rel="icon" type="image/png" sizes="16x16" /> <link href="/site-media/images/favicons/manifest.json" rel="manifest" /> <link href="/site-media/images/favicons/safari-pinned-tab.svg" rel="mask-icon" color="#000000" /> <link href="/site-media/images/favicons/favicon.ico" rel="shortcut icon" /> <meta name="msapplication-config" content="/site-media/images/favicons/browserconfig.xml" /> <link href="/site-media/images/favicons/favicon.ico" rel="shortcut icon" type="image/x-icon" /> <link href="/site-media/images/favicons/favicon.ico" rel="icon" type="image/x-icon" /> <meta charset="UTF-8"> <meta charset="UTF-8"> </head> <body> <header role="banner" title="Site Banner"> <div id="antiClickjack" style="display: none"> <h1>You are viewing this page in an unauthorized frame window.</h1> <p> This is a potential security issue, you are being redirected to <a href="https://nvd.nist.gov">https://nvd.nist.gov</a> </p> </div> <div> <section class="usa-banner" aria-label="Official government website"> <div class="usa-accordion container"> <header class="usa-banner__header"> <noscript> <p style="font-size: 0.85rem; font-weight: bold;">You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.</p> </noscript> <img class="usa-banner__header-flag" src="/site-media/images/usbanner/us_flag_small.png" alt="U.S. flag"> &nbsp; <span class="usa-banner__header-text">An official website of the United States government</span> <button id="gov-banner-button" class="usa-accordion__button usa-banner__button" data-toggle="collapse" data-target="#gov-banner" aria-expanded="false" aria-controls="gov-banner"> <span class="usa-banner__button-text">Here's how you know</span> </button> </header> <div class="usa-banner__content usa-accordion__content collapse" role="tabpanel" id="gov-banner" aria-expanded="true"> <div class="row"> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/site-media/images/usbanner/icon-dot-gov.svg" alt="Dot gov"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Official websites use .gov</strong> <br> A <strong>.gov</strong> website belongs to an official government organization in the United States. </p> </div> </div> </div> <div class="col-md-5 col-sm-12"> <div class="row"> <div class="col-sm-2 col-xs-3"> <img class="usa-banner__icon usa-media-block__img" src="/site-media/images/usbanner/icon-https.svg" alt="Https"> </div> <div class="col-sm-10 col-xs-9"> <p> <strong>Secure .gov websites use HTTPS</strong> <br> A <strong>lock</strong> (<img class="usa-banner__lock" src="/site-media/images/usbanner/lock.svg" alt="Dot gov">) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites. </p> </div> </div> </div> </div> </div> </div> </section> </div> <div> <div> <nav id="navbar" class="navbar"> <div id="nist-menu-container" class="container"> <div class="row"> <!-- Brand --> <div class="col-xs-6 col-md-4 navbar-header" style="height:104px"> <a class="navbar-brand" href="https://www.nist.gov" target="_blank" rel="noopener noreferrer" id="navbar-brand-image" style="padding-top: 36px"> <img alt="National Institute of Standards and Technology" src="/site-media/images/nist/nist-logo.svg" width="110" height="30"> </a> </div> <div class="col-xs-6 col-md-8 navbar-nist-logo"> <span id="nvd-menu-button" class="pull-right" style="margin-top: 26px"> <a href="#"> <span class="fa fa-bars"></span> <span id="nvd-menu-full-text"><span class="hidden-xxs">NVD </span>MENU</span> </a> </span> </div> </div> </div> <div class="main-menu-row container"> <!-- Collect the nav links, forms, and other content for toggling --> <div id="main-menu-drop" class="col-lg-12" style="display: none;"> <ul> <li><a href="/general"> General <span class="expander fa fa-plus" id="nvd-header-menu-general" data-expander-name="general" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="general"> <div class="row"> <div class="col-lg-4"> <p> <a href="/general/nvd-dashboard">NVD Dashboard</a> </p> <p> <a href="https://www.nist.gov/itl/nvd">News and Status Updates</a> </p> </div> <div class="col-lg-4"> <p> <a href="/general/faq">FAQ</a> </p> </div> <div class="col-lg-4"> <p> <a href="/general/visualizations">Visualizations</a> </p> <p> <a href="/general/legal-disclaimer">Legal Disclaimer</a> </p> </div> </div> </div></li> <li><a href="/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-header-menu-vulnerabilities" data-expander-name="vulnerabilities" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilities"> <div class="row"> <div class="col-lg-4"> <p> <a href="/vuln/search">Search &amp; Statistics</a> </p> <p> <a href="/vuln/categories">Weakness Types</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln/data-feeds">Legacy Data Feeds</a> </p> <p> <a href="/vuln/vendor-comments">Vendor Comments</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln/cvmap">CVMAP</a> </p> </div> </div> </div></li> <li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-header-menu-metrics" data-expander-name="metrics" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metrics"> <div class="row"> <div class="col-lg-4"> <p> <a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0 Calculators</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x Calculators</a> </p> </div> <div class="col-lg-4"> <p> <a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0 Calculator</a> </p> </div> </div> </div></li> <li><a href="/products"> Products <span class="expander fa fa-plus" id="nvd-header-menu-products" data-expander-name="products" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="products"> <div class="row"> <div class="col-lg-4"> <p> <a href="/products/cpe">CPE Dictionary</a> </p> <p> <a href="/products/cpe/search">CPE Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/products/cpe/statistics">CPE Statistics</a> </p> <p> <a href="/products/swid">SWID</a> </p> </div> <div class="col-lg-4"></div> </div> </div></li> <li> <a href="/developers">Developers<span class="expander fa fa-plus" id="nvd-header-menu-developers" data-expander-name="developers" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developers"> <div class="row"> <div class="col-lg-4"> <p> <a href="/developers/start-here">Start Here</a> </p> <p> <a href="/developers/request-an-api-key">Request an API Key</a> </p> </div> <div class="col-lg-4"> <p> <a href="/developers/vulnerabilities">Vulnerabilities</a> </p> <p> <a href="/developers/products">Products</a> </p> </div> <div class="col-lg-4"> <p> <a href="/developers/data-sources">Data Sources</a> </p> <p> <a href="/developers/terms-of-use">Terms of Use</a> </p> </div> </div> </div> </li> <li><a href="/contact"> Contact NVD </a></li> <li><a href="/other"> Other Sites <span class="expander fa fa-plus" id="nvd-header-menu-othersites" data-expander-name="otherSites" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSites"> <div class="row"> <div class="col-lg-4"> <p> <a href="https://ncp.nist.gov">Checklist (NCP) Repository</a> </p> <p> <a href="https://ncp.nist.gov/cce">Configurations (CCE)</a> </p> <p> <a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a> </p> <p> <a href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a> </p> </div> <div class="col-lg-4"> <p> <a href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a> </p> </div> </div> </div></li> <li><a href="/search"> Search <span class="expander fa fa-plus" id="nvd-header-menu-search" data-expander-name="search" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="search"> <div class="row"> <div class="col-lg-4"> <p> <a href="/vuln/search">Vulnerability Search</a> </p> </div> <div class="col-lg-4"> <p> <a href="/products/cpe/search">CPE Search</a> </p> </div> </div> </div></li> </ul> </div> <!-- /#mobile-nav-container --> </div> </nav> <section id="itl-header" class="has-menu"> <div class="container"> <div class="row"> <div class="col-sm-12 col-md-8"> <h2 class="hidden-xs hidden-sm"> <a href="https://www.nist.gov/itl" target="_blank" rel="noopener noreferrer">Information Technology Laboratory</a> </h2> <h1 class="hidden-xs hidden-sm"> <a id="nvd-header-link" href="/">National Vulnerability Database</a> </h1> <h1 class="hidden-xs text-center hidden-md hidden-lg" >National Vulnerability Database</h1> <h1 class="hidden-sm hidden-md hidden-lg text-center" >NVD</h1> </div> <div class="col-sm-12 col-md-4"> <a style="width: 100%; text-align: center; display: block;padding-top: 14px"> <img id="img-logo-nvd-lg" alt="National Vulnerability Database" src="/site-media/images/F_NIST-Logo-NVD-white.svg" width="500" height="100"> </a> </div> </div> </div> </section> </div> </div> </header> <main> <div> <div id="body-section" class="container"> <div> <div class="row"> <nav title="Side Menu" role="navigation" class="col-lg-3 col-md-4 hidden-sm hidden-xs hidden-xxs"> <ul class="side-nav"> <li><a href="/general">General<span class="expander fa fa-plus" id="nvd-side-menu-general" data-expander-name="generalSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="generalSide"> <ul> <li><a href="/general/nvd-dashboard">NVD Dashboard</a></li> <li><a href="https://www.nist.gov/itl/nvd">News and Status Updates</a></li> <li><a href="/general/faq">FAQ</a></li> <li><a href="/general/visualizations">Visualizations</a></li> <li><a href="/general/legal-disclaimer">Legal Disclaimer</a></li> </ul> </div></li> <li><a href="/vuln"> Vulnerabilities <span class="expander fa fa-plus" id="nvd-side-menu-vulnerabilities" data-expander-name="vulnerabilitiesSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="vulnerabilitiesSide"> <ul> <li><a href="/vuln/search">Search &amp; Statistics</a></li> <li><a href="/vuln/categories">Weakness Types</a></li> <li><a href="/vuln/data-feeds">Legacy Data Feeds</a></li> <li><a href="/vuln/vendor-comments">Vendor Comments</a></li> <li><a href="/vuln/cvmap">CVMAP</a></li> </ul> </div></li> <li><a href="/vuln-metrics/cvss#"> Vulnerability Metrics <span class="expander fa fa-plus" id="nvd-side-menu-metrics" data-expander-name="metricsSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="metricsSide"> <ul> <li><a href="/vuln-metrics/cvss/v4-calculator">CVSS v4.0 Calculator</a></li> <li><a href="/vuln-metrics/cvss/v3-calculator">CVSS v3.x Calculators</a></li> <li><a href="/vuln-metrics/cvss/v2-calculator">CVSS v2.0 Calculator</a></li> </ul> </div></li> <li><a href="/products"> Products <span class="expander fa fa-plus" id="nvd-side-menu-products" data-expander-name="productsSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="productsSide"> <ul> <li><a href="/products/cpe">CPE Dictionary</a></li> <li><a href="/products/cpe/search">CPE Search</a></li> <li><a href="/products/cpe/statistics">CPE Statistics</a></li> <li><a href="/products/swid">SWID</a></li> </ul> </div></li> <li> <a href="/developers">Developers<span class="expander fa fa-plus" id="nvd-side-menu-developers" data-expander-name="developersSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="developersSide"> <ul> <li><a href="/developers/start-here">Start Here</a></li> <li><a href="/developers/request-an-api-key">Request an API Key</a></li> <li><a href="/developers/vulnerabilities">Vulnerabilities</a></li> <li><a href="/developers/products">Products</a></li> <li><a href="/developers/data-sources">Data Sources</a></li> <li><a href="/developers/terms-of-use">Terms of Use</a></li> </ul> </div> </li> <li><a href="/contact"> Contact NVD </a></li> <li><a href="/other"> Other Sites <span class="expander fa fa-plus" id="nvd-side-menu-othersites" data-expander-name="otherSitesSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="otherSitesSide"> <ul> <li><a href="https://ncp.nist.gov">Checklist (NCP) Repository</a></li> <li><a href="https://ncp.nist.gov/cce">Configurations (CCE)</a></li> <li><a href="https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search">800-53 Controls</a></li> <li><a href="https://csrc.nist.gov/projects/scap-validation-program">SCAP Validated Tools</a></li> <li><a href="https://csrc.nist.gov/projects/security-content-automation-protocol">SCAP</a></li> <li><a href="https://csrc.nist.gov/projects/united-states-government-configuration-baseline">USGCB</a></li> </ul> </div></li> <li><a href="/search"> Search <span class="expander fa fa-plus" id="nvd-side-menu-search" data-expander-name="searchSide" data-expanded="false"> <span class="element-invisible">Expand or Collapse</span> </span> </a> <div style="display: none;" class="sub-menu" data-expander-trigger="searchSide"> <ul> <li><a href="/vuln/search">Vulnerability Search</a></li> <li><a href="/products/cpe/search">CPE Search</a></li> </ul> </div></li> </ul> </nav> <div id="page-content" class="col-lg-9 col-md-8 col-sm-12 col-xs-12 col-xxs-12"> <div class="col-md-4" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="https://www.nist.gov/itl/nvd"> <img alt="Icon for New NVD Communications and Status Updates Page" src="/site-media/images/LandingPage/readAllAboutIt800x632.png" style="width: 300px; height: 237px;" title="New NVD Communications and Status Updates Page"> <br/> <strong>New Communications Page</strong> </a> </span> </div> </div> <div class="col-md-4" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="/general/news/cvss-v4-0-official-support"> <img alt="The NVD now supports CVSS version 4.0!" src="/site-media/images/LandingPage/cvssV4_0Logo.png" style="width: 300px; height: 237px;" title="The NVD now supports CVSS version 4.0!"> <br/> <strong>CVSS v4.0 Support</strong> </a> </span> </div> </div> <div class="row"> <div class="col-md-4" style="padding:0px;"> <div class="text-center"> <span class="carousel-title"> <a href="/general/news/api-20-announcements"> <img alt="The letters N V D typed out in binary" src="/site-media/images/LandingPage/apiGuidance800x632.png" style="width: 300px; height: 237px;" title="Whats new in API two"> <br/> <strong>2.0 APIs</strong> </a> </span> </div> </div> </div> <br/> <span>The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.</span> <br/> <br/> <span>For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult <a href="https://data.nist.gov/od/id/1E0F15DAAEFB84E4E0531A5706813DD8436"> NIST's Public Data Repository</a>.</span> <br/> <br/> <div id="legal-disclaimer"> <h4>Legal Disclaimer:</h4> <p> Here is where you can read the NVD <a href="general/legal-disclaimer">legal disclaimer</a>. </p> </div> <div> <div class="row"> <div class="col-md-12 col-sm-12"> <div id="vulnResultsPanel"> <!-- Results Panel --> <div id="latestVulnsArea"> <div id="latestVulnsTitleRow" class="row"> <span class="hidden-md col-lg-9"> <strong class="h4Size">Last 20 Scored Vulnerability IDs &amp; Summaries</strong> </span> <span class="hidden-md col-lg-3"> <strong class="h4Size">CVSS Severity </strong> </span> </div> <ul id="latestVulns"> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24235" id="cveDetailAnchor-0">CVE-2025-24235</a></strong> - A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A remote attacker may be able to cause unexpected app termination or heap corruption. <br> <strong>Published:</strong> March 31, 2025; 7:15:20 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-0"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24244" id="cveDetailAnchor-1">CVE-2025-24244</a></strong> - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Processing a maliciously crafted font may result in th... <a href="/vuln/detail/CVE-2025-24244#vulnDescriptionTitle">read CVE-2025-24244</a><br> <strong>Published:</strong> March 31, 2025; 7:15:21 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-1"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24246" id="cveDetailAnchor-2">CVE-2025-24246</a></strong> - An injection issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data. <br> <strong>Published:</strong> March 31, 2025; 7:15:21 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-2"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24247" id="cveDetailAnchor-3">CVE-2025-24247</a></strong> - A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker may be able to cause unexpected app termination. <br> <strong>Published:</strong> March 31, 2025; 7:15:21 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-3"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24249" id="cveDetailAnchor-4">CVE-2025-24249</a></strong> - A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to check the existence of an arbitrary path on the file system. <br> <strong>Published:</strong> March 31, 2025; 7:15:22 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-4"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24250" id="cveDetailAnchor-5">CVE-2025-24250</a></strong> - This issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app acting as a HTTPS proxy could get access to sensitive user data. <br> <strong>Published:</strong> March 31, 2025; 7:15:22 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-5"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24253" id="cveDetailAnchor-6">CVE-2025-24253</a></strong> - This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data. <br> <strong>Published:</strong> March 31, 2025; 7:15:22 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-6"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24254" id="cveDetailAnchor-7">CVE-2025-24254</a></strong> - This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A user may be able to elevate privileges. <br> <strong>Published:</strong> March 31, 2025; 7:15:22 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-7"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24255" id="cveDetailAnchor-8">CVE-2025-24255</a></strong> - A file access issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox. <br> <strong>Published:</strong> March 31, 2025; 7:15:22 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-8"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24256" id="cveDetailAnchor-9">CVE-2025-24256</a></strong> - The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to disclose kernel memory. <br> <strong>Published:</strong> March 31, 2025; 7:15:22 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-9"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24257" id="cveDetailAnchor-10">CVE-2025-24257</a></strong> - An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to cause unexpected system termination or write kernel memory. <br> <strong>Published:</strong> March 31, 2025; 7:15:22 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-10"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24259" id="cveDetailAnchor-11">CVE-2025-24259</a></strong> - This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check. <br> <strong>Published:</strong> March 31, 2025; 7:15:22 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-11"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24260" id="cveDetailAnchor-12">CVE-2025-24260</a></strong> - The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker in a privileged position may be able to perform a denial-of-service. <br> <strong>Published:</strong> March 31, 2025; 7:15:22 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-12"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24261" id="cveDetailAnchor-13">CVE-2025-24261</a></strong> - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. <br> <strong>Published:</strong> March 31, 2025; 7:15:23 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-13"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24272" id="cveDetailAnchor-14">CVE-2025-24272</a></strong> - The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. <br> <strong>Published:</strong> March 31, 2025; 7:15:23 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-14"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24273" id="cveDetailAnchor-15">CVE-2025-24273</a></strong> - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory. <br> <strong>Published:</strong> March 31, 2025; 7:15:23 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-15"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-24276" id="cveDetailAnchor-16">CVE-2025-24276</a></strong> - This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access private information. <br> <strong>Published:</strong> March 31, 2025; 7:15:24 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-16"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-30438" id="cveDetailAnchor-17">CVE-2025-30438</a></strong> - This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system ... <a href="/vuln/detail/CVE-2025-30438#vulnDescriptionTitle">read CVE-2025-30438</a><br> <strong>Published:</strong> March 31, 2025; 7:15:25 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-17"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-30439" id="cveDetailAnchor-18">CVE-2025-30439</a></strong> - The issue was addressed with improved checks. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An attacker with physical access to a locked device may be able to view sensitive user information. <br> <strong>Published:</strong> March 31, 2025; 7:15:25 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-18"> </p> </div> </li> <li> <div class="col-lg-9"> <p> <strong><a href="/vuln/detail/CVE-2025-30443" id="cveDetailAnchor-19">CVE-2025-30443</a></strong> - A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data. <br> <strong>Published:</strong> March 31, 2025; 7:15:26 PM -0400 </p> </div> <div class="col-lg-3"> <p id="severity-score-19"> </p> </div> </li> </ul> </div> </div> </div> </div> </div> <div class="col-md-12 historical-data-area" id="historical-data-area"> <span> Created <span id="page-created-date"> <span>September 20, 2022</span> </span>, </span> Updated <span id="page-updated-date"> <span>August 27, 2024</span> </span> </div> </div> </div> </div> </div> </div> </main> <footer id="footer" role="contentinfo"> <div class="container"> <div class="row"> <div class="col-sm-12"> <ul class="social-list pull-right"> <li class="field-item service-twitter list-horiz"><a href="https://twitter.com/NISTCyber" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-twitter fa-fw"><span class="element-invisible">twitter</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> <li class="field-item service-facebook list-horiz"><a href="https://www.facebook.com/NIST" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-facebook fa-fw"><span class="element-invisible">facebook</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-linkedin list-horiz"><a href="https://www.linkedin.com/company/nist" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-linkedin fa-fw"><span class="element-invisible">linkedin</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-youtube list-horiz"><a href="https://www.youtube.com/user/USNISTGOV" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-youtube fa-fw"><span class="element-invisible">youtube</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span></a></li> <li class="field-item service-rss list-horiz"><a href="https://www.nist.gov/news-events/nist-rss-feeds" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink"> <i class="fa fa-rss fa-fw"><span class="element-invisible">rss</span></i> </a></li> <li class="field-item service-govdelivery list-horiz last"><a href="https://public.govdelivery.com/accounts/USNIST/subscriber/new?qsp=USNIST_3" target="_blank" rel="noopener noreferrer" class="social-btn social-btn--large extlink ext"> <i class="fa fa-envelope fa-fw"><span class="element-invisible">govdelivery</span></i><span class="ext"><span class="element-invisible"> (link is external)</span></span> </a></li> </ul> <span class="hidden-xs"> <a title="National Institute of Standards and Technology" rel="home" class="footer-nist-logo"> <img src="/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo" /> </a> </span> </div> </div> <div class="row hidden-sm hidden-md hidden-lg"> <div class="col-sm-12"> <a href="https://www.nist.gov" title="National Institute of Standards and Technology" rel="home" target="_blank" rel="noopener noreferrer" class="footer-nist-logo"> <img src="/site-media/images/nist/nist-logo.png" alt="National Institute of Standards and Technology logo" /> </a> </div> </div> <div class="row footer-contact-container"> <div class="col-sm-6"> <strong>HEADQUARTERS</strong> <br> 100 Bureau Drive <br> Gaithersburg, MD 20899 <br> <a href="tel:301-975-2000">(301) 975-2000</a> <br> <br> <a href="mailto:nvd@nist.gov">Webmaster</a> | <a href="https://www.nist.gov/about-nist/contact-us">Contact Us</a> | <a href="https://www.nist.gov/about-nist/visit" style="display: inline-block;">Our Other Offices</a> </div> <div class="col-sm-6"> <div class="pull-right" style="text-align:right"> <strong>Incident Response Assistance and Non-NVD Related<br>Technical Cyber Security Questions:</strong> <br> US-CERT Security Operations Center <br> Email: <a href="mailto:soc@us-cert.gov">soc@us-cert.gov</a> <br> Phone: 1-888-282-0870 </div> </div> </div> <div class="row"> <nav title="Footer Navigation" role="navigation" class="row footer-bottom-links-container"> <!-- https://github.com/usnistgov/nist-header-footer/blob/nist-pages/boilerplate-footer.html --> <p> <a href="https://www.nist.gov/oism/site-privacy">Site Privacy</a> | <a href="https://www.nist.gov/oism/accessibility">Accessibility</a> | <a href="https://www.nist.gov/privacy">Privacy Program</a> | <a href="https://www.nist.gov/oism/copyrights">Copyrights</a> | <a href="https://www.commerce.gov/vulnerability-disclosure-policy">Vulnerability Disclosure</a> | <a href="https://www.nist.gov/no-fear-act-policy">No Fear Act Policy</a> | <a href="https://www.nist.gov/foia">FOIA</a> | <a href="https://www.nist.gov/environmental-policy-statement">Environmental Policy</a> | <a href="https://www.nist.gov/summary-report-scientific-integrity">Scientific Integrity</a> | <a href="https://www.nist.gov/nist-information-quality-standards">Information Quality Standards</a> | <a href="https://www.commerce.gov/">Commerce.gov</a> | <a href="https://www.science.gov/">Science.gov</a> | <a href="https://www.usa.gov/">USA.gov</a> </p> </nav> </div> </div> </footer> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10