Protection Mechanism Failure in macOS - CVE-2025-24172


Published: April 2, 2025


Vulnerability identifier: #VU106873
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-24172
CWE-ID: CWE-693
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
macOS

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the "Block All Remote Content" feature in Mail, which may not apply to all mail previews. A remote attacker can gain access to sensitive information when the victim opens a specially crafted email message.


How to mitigate CVE-2025-24172

Install updates from the vendor's website.
