Vulnerability Description
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipados | < 17.7.7 |
| Apple | Iphone Os | < 18.5 |
| Apple | Macos | < 13.7.6 |
| Apple | Visionos | < 2.5 |
Related Weaknesses (CWE)
References
- https://support.apple.com/en-us/122373Release NotesVendor Advisory
- https://support.apple.com/en-us/122404Release NotesVendor Advisory
- https://support.apple.com/en-us/122405Release NotesVendor Advisory
- https://support.apple.com/en-us/122717Release NotesVendor Advisory
- https://support.apple.com/en-us/122718Release NotesVendor Advisory
- https://support.apple.com/en-us/122721Release NotesVendor Advisory
- http://seclists.org/fulldisclosure/2025/May/12
- http://seclists.org/fulldisclosure/2025/May/6
- http://seclists.org/fulldisclosure/2025/May/9
FAQ
What is CVE-2025-30448?
CVE-2025-30448 is a vulnerability with a CVSS score of 9.1 (CRITICAL). This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5...
How severe is CVE-2025-30448?
CVE-2025-30448 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-30448?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipados, Apple Iphone Os, Apple Macos, Apple Visionos.