CVE-2025-30448

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.

CVSS v3 9.1 CRITICAL

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122373	Release Notes Vendor Advisory
https://support.apple.com/en-us/122404	Release Notes Vendor Advisory
https://support.apple.com/en-us/122405	Release Notes Vendor Advisory
https://support.apple.com/en-us/122717	Release Notes Vendor Advisory
https://support.apple.com/en-us/122718	Release Notes Vendor Advisory
https://support.apple.com/en-us/122721	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:visionos::::::::

History

27 May 2025, 13:57

Type	Values Removed	Values Added
First Time		Apple visionos Apple macos Apple iphone Os Apple Apple ipados
CPE		cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:macos:::::::: cpe:2.3:o:apple:ipados::::::::
References	~~() https://support.apple.com/en-us/122373 -~~	() https://support.apple.com/en-us/122373 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122404 -~~	() https://support.apple.com/en-us/122404 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122405 -~~	() https://support.apple.com/en-us/122405 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122717 -~~	() https://support.apple.com/en-us/122717 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122718 -~~	() https://support.apple.com/en-us/122718 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122721 -~~	() https://support.apple.com/en-us/122721 - Release Notes, Vendor Advisory

14 May 2025, 17:15

Type	Values Removed	Values Added
CWE		CWE-862
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.1

13 May 2025, 19:35

Type	Values Removed	Values Added
Summary		(es) Este problema se solucionó con comprobaciones adicionales de derechos. Este problema está corregido en macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 y iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6 y macOS Sequoia 15.4. Un atacante podría activar el uso compartido de una carpeta de iCloud sin autenticación.

12 May 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-12 22:15

Updated : 2025-05-27 13:57

NVD link : CVE-2025-30448

Mitre link : CVE-2025-30448

CVE.ORG link : CVE-2025-30448

JSON object : View

Products Affected

apple

iphone_os
visionos
ipados
macos

CWE

CWE-862

Missing Authorization

9.1 /10