CVE-2025-30465
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5, macOS Sonoma 14.8.2, macOS Tahoe 26.1, macOS Ventura 13.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apple | iPadOS | 0 < 17.7.6 | affected |
| Apple | macOS | 0 < 13.7.5 | affected |
| Apple | macOS | 0 < 14.7.5 | affected |
| Apple | macOS | 0 < 14.8.2 | affected |
| Apple | macOS | 0 < 15.4 | affected |
| Apple | macOS | 0 < 15.7.2 | affected |
| Apple | macOS | 0 < 26.1 | affected |
Weaknesses
- A shortcut may be able to access files that are normally inaccessible to the Shortcuts app
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
CVE Program Container
Additional References
- http://seclists.org/fulldisclosure/2025/Apr/10
- http://seclists.org/fulldisclosure/2025/Apr/9
- http://seclists.org/fulldisclosure/2025/Apr/8
- http://seclists.org/fulldisclosure/2025/Apr/5
References
- https://support.apple.com/en-us/122372
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122375
- https://support.apple.com/en-us/125634
- https://support.apple.com/en-us/125635
- https://support.apple.com/en-us/125636
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.