CVE-2025-24085

Risk Scores

Affected Products

Exploit Intelligence

• Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
• Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
• Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
• Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
• Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
• Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
• Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
• Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
• Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc-repo)
• Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction. (github-poc)

…and 100 more exploits

Timeline

• Jan 27, 2025 PoC Published
• Jan 27, 2025 CVE Published
• Jan 28, 2025 EPSS Score
• Jan 29, 2025 CISA KEV Added
• Feb 12, 2025 Coalition ESS Score
• Feb 18, 2025 Coalition ESS Score
• Mar 9, 2025 Coalition ESS Score
• Mar 13, 2025 Coalition ESS Score
• Mar 19, 2025 EPSS Score
• Mar 21, 2025 Coalition ESS Score
• Mar 27, 2025 EPSS Score
• Apr 4, 2025 EPSS Score

References

• https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0201.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0201 advisory
• https://support.apple.com/en-us/122068 advisory
• https://support.apple.com/en-us/122069 advisory
• https://support.apple.com/en-us/122070 advisory
• https://support.apple.com/en-us/122067 advisory
• https://support.apple.com/en-us/122066 advisory
• https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0663.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0663 advisory
• https://support.apple.com/en-us/122371 advisory
• https://support.apple.com/en-us/122372 advisory
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24085&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url exploit
• https://lists.suse.com/pipermail/sle-security-updates/2025-June/021061.html advisory
• https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0668.json advisory
• https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0668 advisory
• https://support.apple.com/en-us/122375 advisory
• https://support.apple.com/en-us/122374 advisory
• https://support.apple.com/en-us/122373 advisory