CVE-2025-30464
Published: 31 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2025-30464 is an out-of-bounds write vulnerability (CWE-787) affecting Apple's macOS operating system. It impacts macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The issue stems from insufficient bounds checking and was addressed with improvements to bounds validation.
The vulnerability carries a CVSS v3.1 base score of 7.8 (High), with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. A local attacker requires no privileges but needs user interaction, such as running a malicious app, to exploit it with low attack complexity. Successful exploitation enables the app to cause unexpected system termination or corrupt kernel memory.
Apple's security advisories confirm the vulnerability was fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5 through enhanced bounds checking. Further details on the patches and affected components are provided in the referenced support pages from Apple and full disclosure postings on seclists.org.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The kernel out-of-bounds write allows local memory corruption via a malicious app (no privileges required), directly enabling exploitation for privilege escalation to kernel context.