CVE-2025-30430
Published: 31 March 2025
Description
Adversaries may acquire user credentials from third-party password managers.
Security Summary
CVE-2025-30430 is a critical vulnerability in Apple's password autofill feature, where passwords may be automatically filled even after authentication fails due to improper state management. This issue affects iOS versions prior to 18.4, iPadOS prior to 18.4, macOS Sequoia prior to 15.4, visionOS prior to 2.4, and watchOS prior to 11.4. Classified under CWE-287 (Improper Authentication), it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-31.
A remote attacker requires no privileges or user interaction and can exploit the flaw over the network with low attack complexity. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing unauthorized access to stored passwords through the autofill mechanism despite failed authentication checks.
Apple advisories confirm the issue was addressed via improved state management in iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, and watchOS 11.4. Security practitioners should prioritize updating affected devices to these versions, with further details available in Apple's security content at support.apple.com/en-us/122371, support.apple.com/en-us/122373, support.apple.com/en-us/122376, support.apple.com/en-us/122378, and seclists.org/fulldisclosure/2025/Apr/12.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in Apple's password autofill allows passwords to be filled despite failed authentication due to improper state management, directly enabling unauthorized access to stored passwords from web browsers or password managers.