CVE-2025-30460
Published: 31 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-30460 is a permissions issue, classified under CWE-284 (Improper Access Control), affecting macOS versions prior to Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. The vulnerability enables an app to access protected user data due to inadequate permission enforcement.
The CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) indicates that unauthenticated attackers can exploit it over a network with no privileges or user interaction required, though attack complexity is high. Successful exploitation has a high impact on both the confidentiality and the integrity of protected user data, with no availability impact.
Apple's security advisories detail the fix, which removes vulnerable code and adds additional checks. Systems should be updated to macOS Sequoia 15.4, macOS Sonoma 14.7.5, or macOS Ventura 13.7.5 for mitigation, as outlined in support documents at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375, with further discussion in Full Disclosure archives.
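A fleet check for the fixed releases listed above can be scripted as follows. This is an added example, not code from Apple or from this page. The function name and status strings are hypothetical, and it assumes that major versions after 15 already contain the fix.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a macOS version against the
# fixed releases the page names: 15.4, 14.7.5 and 13.7.5.
# The function name and the status strings are hypothetical.

macos_cve_2025_30460_status() {
    # Reject anything that is not dotted decimal, e.g. "15.x" or "14..7".
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) echo "unknown"; return 0 ;;
    esac

    # Split "major.minor.patch"; missing fields count as 0 ("15.4" -> 15 4 0).
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    # Each supported branch has its own fixed release.
    case "$major" in
        13|14) fixed_minor=7; fixed_patch=5 ;;   # Ventura 13.7.5, Sonoma 14.7.5
        15)    fixed_minor=4; fixed_patch=0 ;;   # Sequoia 15.4
        *)
            # Assumption: majors after 15 ship with the fix; for majors
            # before 13 the page lists no fixed release.
            if [ "$major" -gt 15 ]; then echo "patched"; else echo "no-fix-listed"; fi
            return 0 ;;
    esac

    if [ "$minor" -gt "$fixed_minor" ] ||
       { [ "$minor" -eq "$fixed_minor" ] && [ "$patch" -ge "$fixed_patch" ]; }; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# On a Mac, report the status of the running system.
if command -v sw_vers >/dev/null 2>&1; then
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(macos_cve_2025_30460_status "$v")"
fi
```

The function can also be fed version strings exported from an MDM or asset inventory, one call per host.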
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a macOS permissions bypass (CWE-284) allowing unauthorized access to protected user data due to inadequate enforcement; this directly facilitates abuse of the TCC access control framework (T1548.006) and enables collection of sensitive data from the local system (T1005).