CVE-2025-30448 - Vulnerability Details

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Apple	Ipados Iphone Os Macos Visionos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:visionos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122404
https://support.apple.com/en-us/122405
https://support.apple.com/en-us/122717
https://support.apple.com/en-us/122718
https://support.apple.com/en-us/122721

History

Tue, 27 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple iphone Os Apple macos Apple visionos
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:visionos::::::::
Vendors & Products		Apple Apple ipados Apple iphone Os Apple macos Apple visionos

Wed, 14 May 2025 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-862
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 12 May 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.
References		https://support.apple.com/en-us/122373 https://support.apple.com/en-us/122404 https://support.apple.com/en-us/122405 https://support.apple.com/en-us/122717 https://support.apple.com/en-us/122718 https://support.apple.com/en-us/122721

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-05-12T21:42:26.699Z

Updated: 2025-05-14T16:30:02.707Z

Reserved: 2025-03-22T00:04:43.719Z

Link: CVE-2025-30448

Vulnrichment

Updated: 2025-05-14T16:29:57.417Z

NVD

Status : Analyzed

Published: 2025-05-12T22:15:21.190

Modified: 2025-05-27T13:57:52.663

Link: CVE-2025-30448

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object