CVE-2025-24118

HIGH

iPadOS < 17.7.4 and macOS < 14.7.3, < 15.3 - Out-of-bounds Write

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-24118. PoCs published by jprx.

AI-analyzed exploit summary: This PoC exploits a race condition in macOS (CVE-2025-24118) by racing `kauth_cred_proc_update` against `current_cached_proc_cred_update`, leading to a non-atomic write to `proc_ro.p_ucred` that can cause it to point to invalid memory. The exploit requires a setgid binary with differing real and effective group IDs to trigger the vulnerability.

Description

The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory.

Exploits (1)

nomisec WORKING POC 47 stars
by jprx · poc
https://github.com/jprx/CVE-2025-24118

Classification

Working PoC 95%
Attack Type LPE
Complexity Moderate
Reliability Racy
Target: macOS (version not specified)
No auth needed
Prerequisites: setgid binary with differing real and effective group IDs · macOS environment
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.1
EPSS 0.0359
EPSS Percentile 88.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE CWE-787
Status published
Products (5)
apple/ipados < 17.7.4
Apple/iPadOS < 17.7.4
apple/macos < 14.7.3
Apple/macOS < 14.7.3
Apple/macOS < 15.3
Published Jan 27, 2025
Tracked Since Feb 18, 2026