CVE-2025-30458
Published: 31 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-30458 is a permissions issue in macOS that allows an app to read files outside of its sandbox. The vulnerability affects macOS versions prior to Sequoia 15.4 and is classified under CWE-125. It was published on 2025-03-31 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A remote attacker requires no privileges or user interaction and can exploit the issue over the network with low attack complexity and unchanged scope. Successful exploitation enables the app to bypass sandbox restrictions, potentially leading to high impacts on confidentiality, integrity, and availability.
Apple addressed the permissions issue with additional restrictions, and the fix is included in macOS Sequoia 15.4. Additional details are available in the Apple security advisory at https://support.apple.com/en-us/122373 and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Apr/8.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Sandbox bypass via permissions flaw directly enables exploitation for privilege escalation (T1068) and facilitates unauthorized access to local files/data (T1005).