CVE-2025-30461
Published: 31 March 2025
Description
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Security Summary
CVE-2025-30461 is an access control vulnerability (CWE-862: Missing Authorization) affecting macOS versions prior to Sequoia 15.4, specifically involving insufficient sandbox restrictions on system pasteboards. This flaw allows a malicious app to access protected user data that should otherwise be isolated from application sandboxes.
The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable over a network with low complexity, no privileges or user interaction required, and high impacts on confidentiality, integrity, and availability. A remote attacker can craft and distribute a malicious app that, once installed and executed by the user, bypasses sandbox protections to read sensitive data from system pasteboards.
Apple's security advisory (https://support.apple.com/en-us/122373) confirms the issue was addressed in macOS Sequoia 15.4 through additional sandbox restrictions on system pasteboards. Additional details appear in a Full Disclosure mailing list post (http://seclists.org/fulldisclosure/2025/Apr/8). Security practitioners should prioritize updating affected macOS systems and advise users to avoid untrusted apps.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly enables bypassing macOS sandbox restrictions to read sensitive data from system pasteboards, facilitating T1115 Clipboard Data collection.