{"id":"CVE-2025-24085","details":"A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.","modified":"2026-03-15T22:50:31.468219Z","published":"2025-01-27T22:15:14.990Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-24085"},{"type":"ADVISORY","url":"https://github.com/JGoyd/Glass-Cage-iOS18-CVE-2025-24085-CVE-2025-24201"},{"type":"ADVISORY","url":"https://support.apple.com/en-us/122072"},{"type":"ADVISORY","url":"https://support.apple.com/en-us/122073"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Apr/5"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Jan/12"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Jan/13"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Jan/15"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Jan/19"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Jun/19"},{"type":"ADVISORY","url":"https://support.apple.com/en-us/122071"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Apr/10"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Oct/30"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Oct/31"},{"type":"ADVISORY","url":"https://support.apple.com/en-us/122068"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Apr/9"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Oct/23"},{"type":"ADVISORY","url":"https://support.apple.com/en-us/122066"},{"type":"ADVISORY","url":"http://seclists.org/fulldisclosure/2025/Oct/1"},{"type":"REPORT","url":"https://github.com/cisagov/vulnrichment/issues/194"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"17.7.6"}]},{"events":[{"introduced":"18.0"},{"fixed":"18.3"}]},{"events":[{"introduced":"0"},{"fixed":"18.3"}]},{"events":[{"introduced":"0"},{"fixed":"13.7.5"}]},{"events":[{"introduced":"14.0"},{"fixed":"14.7.5"}]},{"events":[{"introduced":"15.0"},{"fixed":"15.3"}]},{"events":[{"introduced":"0"},{"fixed":"18.3"}]},{"events":[{"introduced":"0"},{"fixed":"2.3"}]},{"events":[{"introduced":"0"},{"fixed":"11.3"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-24085.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}