CVE-2025-30433
Published: 31 March 2025
Description
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Security Summary
CVE-2025-30433 is a vulnerability in Apple's Shortcuts app that allows a shortcut to access files normally inaccessible to the app due to improper access restrictions (CWE-284). It affects iOS versions prior to 18.4, iPadOS versions prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, visionOS prior to 2.4, and watchOS prior to 11.4. The issue, published on 2025-03-31, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
Attackers with network access can exploit this vulnerability with low complexity, no required privileges, and no user interaction. Successful exploitation enables high-impact violations of confidentiality, integrity, and availability, allowing unauthorized access to, modification of, or deletion of sensitive files through a malicious shortcut.
Apple advisories state the issue was addressed with improved access restrictions in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, and watchOS 11.4. Security practitioners should prioritize updating affected devices and review the detailed release notes in Apple's support documents at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability bypasses access restrictions in the Shortcuts app, enabling a malicious shortcut to read, modify, and delete normally inaccessible files, which directly maps to data access from local system, data destruction, and stored data manipulation.