CVE-2025-24097 is a vulnerability identified in Apple’s iOS and iPadOS platforms, as well as related Apple operating systems such as macOS Sequoia, macOS Sonoma, tvOS, and watchOS. The root cause is a permissions issue that allows an application with limited privileges to read arbitrary file metadata. Metadata can include file attributes such as creation and modification timestamps, file size, file paths, and other descriptive information that, while not the file content itself, can reveal sensitive operational or user information. This vulnerability is classified under CWE-125 (Out-of-bounds Read), indicating that the app can access data beyond its intended scope. The CVSS v3.1 base score is 5.0 (medium severity), reflecting that exploitation requires local access (AV:L), low complexity (AC:L), privileges (PR:L), and user interaction (UI:R). The impact is high on confidentiality because metadata exposure can leak sensitive information, but there is no impact on integrity or availability. Apple has mitigated this issue by implementing additional restrictions on file metadata access in the patched OS versions: iOS 18.4, iPadOS 18.4 and 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, and watchOS 11.4. No public exploits have been reported, but the vulnerability could be leveraged by malicious apps to gather intelligence or facilitate further attacks such as targeted phishing or privacy breaches.

The primary impact of CVE-2025-24097 is unauthorized disclosure of file metadata, which can compromise user privacy and leak sensitive operational details. While the file contents remain protected, metadata can reveal patterns of user behavior, file usage, or system configurations that attackers can exploit for reconnaissance. This can aid in crafting more effective social engineering attacks or identifying valuable targets within an organization. For enterprises and individuals relying on Apple devices, this vulnerability could lead to privacy violations or indirect compromise if metadata is used to escalate attacks. Since exploitation requires local app installation and user interaction, the risk is mitigated somewhat but remains significant in environments where users install untrusted apps or where insider threats exist. The vulnerability affects a broad range of Apple platforms, increasing the scope of potential impact across mobile, desktop, and embedded device ecosystems.

Organizations and users should promptly update affected Apple operating systems to the patched versions: iOS 18.4, iPadOS 18.4 and 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, and watchOS 11.4. Beyond patching, implement strict app vetting policies to limit installation of untrusted or unnecessary applications, especially on corporate devices. Employ Mobile Device Management (MDM) solutions to enforce app installation restrictions and monitor app permissions. Educate users on the risks of installing apps from unverified sources and the importance of user interaction in exploitation. Regularly audit installed apps and their permissions to detect anomalous access patterns. For high-security environments, consider additional endpoint protection tools that monitor file system metadata access. Finally, maintain robust incident response plans to quickly address any suspicious activity related to metadata access.