CVE-2025-30426

{"id": "CVE-2025-30426", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-03-31T23:15:24.940", "references": [{"url": "https://support.apple.com/en-us/122371", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/122372", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/122373", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/122376", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/122377", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/122378", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/11", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/12", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/13", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/5", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2025/Apr/8", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to enumerate a user's installed apps."}, {"lang": "es", "value": "Este problema se solucion\u00f3 con comprobaciones adicionales de derechos. Este problema est\u00e1 corregido en visionOS 2.4, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 y iPadOS 18.4, y macOS Sequoia 15.4. Una aplicaci\u00f3n puede enumerar las aplicaciones instaladas de un usuario."}], "lastModified": "2026-04-02T19:19:34.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "687E67E4-136D-4154-BA6F-5ACA16254023", "versionEndExcluding": "17.7.6"}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAAF5169-C6A9-449A-B41F-2CB1801EBA4B", "versionEndExcluding": "18.4", "versionStartIncluding": "18.0"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990", "versionEndExcluding": "18.4"}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1320B815-0457-4276-83B9-AFAFDAF17EDA", "versionEndExcluding": "15.4", "versionStartIncluding": "15.0"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C61CCC2-87D3-4A3A-837B-63C48299A7AD", "versionEndExcluding": "18.4"}, {"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E82603D7-A630-4B9B-9C51-880667F05EC7", "versionEndExcluding": "2.4"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}