CVE-2025-24206

HIGH Year: 2025
CVSS v3 Score
7.7
High
Weakness Type
CWE-863
View all →

Vulnerability Description

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication policy.

Related Vulnerabilities

CVE-2016-4514

HIGH
CVSS:7.7(High)

Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy.

CWE-8632016

CVE-2020-3467

HIGH
CVSS:7.7(High)

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. ...

CWE-8632020

CVE-2021-21484

HIGH
CVSS:7.7(High)

LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP directory server is configured to enable unauthenticated bind.

CWE-8632021

CVE-2023-23304

HIGH
CVSS:7.7(High)

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious app...

CWE-8632023

CVE-2023-42860

HIGH
CVSS:7.7(High)

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of t...

CWE-8632023

CVE-2024-10975

HIGH
CVSS:7.7(High)

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. Thi...

CWE-8632024