CVE-2025-24210

A logic error was addressed with improved error handling. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Parsing an image may lead to disclosure of user information.

Weakness

The product uses an expression in which operator precedence causes incorrect logic to be used.

Affected Software

Name	Vendor	Start Version	End Version
Ipados	Apple	*	17.7.6 (excluding)
Ipados	Apple	18.0 (including)	18.4 (excluding)
Iphone_os	Apple	*	18.4 (excluding)
Macos	Apple	13.0 (including)	13.7.5 (excluding)
Macos	Apple	14.0 (including)	14.7.5 (excluding)
Macos	Apple	15.0 (including)	15.4 (excluding)
Tvos	Apple	*	18.4 (excluding)
Visionos	Apple	*	2.4 (excluding)

Potential Mitigations

References

https://support.apple.com/en-us/122371
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375
https://support.apple.com/en-us/122377
https://support.apple.com/en-us/122378

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-24210
CWE	https://cwe.mitre.org/data/definitions/783.html

Operator Precedence Logic Error

Weakness

Affected Software

Potential Mitigations

References