CVE-2025-30449
Published: 31 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-30449 is a permissions issue, classified under CWE-281, that was addressed by Apple through additional restrictions. The vulnerability affects macOS Sequoia prior to version 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. It enables an app to gain root privileges on vulnerable systems.
The vulnerability has a CVSS v3.1 base score of 7.8 (High), with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. A local attacker requires no privileges and can exploit it with low attack complexity, but user interaction is necessary, such as running a malicious app. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability by elevating to root privileges.
Apple's security advisories confirm the issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Mitigation involves updating to these patched versions. Additional details are provided in Apple's support documents at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375, as well as Full Disclosure mailing list posts at http://seclists.org/fulldisclosure/2025/Apr/10 and http://seclists.org/fulldisclosure/2025/Apr/8.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a local permissions flaw (CWE-281) that directly allows a malicious app to escalate to root privileges on macOS, matching the definition of T1068 Exploitation for Privilege Escalation.