CVE-2025-30465
Published: 31 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-30465 is a permissions vulnerability (CWE-276) in Apple's Shortcuts app, stemming from insufficient validation that allows a shortcut to access files normally inaccessible to the app. It affects iPadOS and macOS systems prior to the following fixed releases: iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5, macOS Sonoma 14.8.2, macOS Tahoe 26.1, and macOS Ventura 13.7.5. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its high impact on confidentiality, integrity, and availability.
Remote attackers require no privileges or user interaction to exploit this vulnerability over a network with low complexity. By leveraging a malicious shortcut, attackers can gain unauthorized access to sensitive files, potentially enabling data exfiltration, modification, or disruption of system resources.
Apple's security advisories detail the fix through improved permissions validation and recommend updating to the patched versions listed above. Relevant support pages include https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, and https://support.apple.com/en-us/125634.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a client-side permissions bypass in the Shortcuts app allowing malicious shortcuts to access normally restricted files, directly mapping to T1203 (Exploitation for Client Execution) for remote exploitation of the app and T1005 (Data from Local System) for the resulting unauthorized file access and potential exfiltration.