CVE-2025-30465 - Vulnerability Details - OpenCVE

A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Apple	Ipados Macos

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:macos::::::::

No data.

References

Link	Providers
https://support.apple.com/en-us/122372
https://support.apple.com/en-us/122373
https://support.apple.com/en-us/122374
https://support.apple.com/en-us/122375

History

Fri, 04 Apr 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple ipados Apple macos
CPEs		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:macos::::::::
Vendors & Products		Apple Apple ipados Apple macos

Wed, 02 Apr 2025 15:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-276
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 31 Mar 2025 22:45:00 +0000

Type	Values Removed	Values Added
Description		A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
References		https://support.apple.com/en-us/122372 https://support.apple.com/en-us/122373 https://support.apple.com/en-us/122374 https://support.apple.com/en-us/122375

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2025-03-31T22:22:27.093Z

Updated: 2025-04-02T14:31:06.035Z

Reserved: 2025-03-22T00:04:43.722Z

Link: CVE-2025-30465

Vulnrichment

Updated: 2025-04-02T14:30:58.223Z

NVD

Status : Analyzed

Published: 2025-03-31T23:15:27.873

Modified: 2025-04-04T18:16:13.317

Link: CVE-2025-30465

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-30465", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-22T00:04:43.722Z", "datePublished": "2025-03-31T22:22:27.093Z", "dateUpdated": "2025-04-02T14:31:06.035Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "A shortcut may be able to access files that are normally inaccessible to the Shortcuts app"}]}], "affected": [{"vendor": "Apple", "product": "iPadOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "17.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "15.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "13.7", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app."}], "references": [{"url": "https://support.apple.com/en-us/122372"}, {"url": "https://support.apple.com/en-us/122373"}, {"url": "https://support.apple.com/en-us/122374"}, {"url": "https://support.apple.com/en-us/122375"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-03-31T22:22:27.093Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-02T14:28:51.335100Z", "id": "CVE-2025-30465", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T14:31:06.035Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-30465", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-02T14:28:51.335100Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T14:30:58.223Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "17.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "15.4", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.7", "versionType": "custom"}]}, {"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "13.7", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122372"}, {"url": "https://support.apple.com/en-us/122373"}, {"url": "https://support.apple.com/en-us/122374"}, {"url": "https://support.apple.com/en-us/122375"}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "A shortcut may be able to access files that are normally inaccessible to the Shortcuts app"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-03-31T22:22:27.093Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30465", "state": "PUBLISHED", "dateUpdated": "2025-04-02T14:31:06.035Z", "dateReserved": "2025-03-22T00:04:43.722Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-03-31T22:22:27.093Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "687E67E4-136D-4154-BA6F-5ACA16254023", "versionEndExcluding": "17.7.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "345CC17A-CCA4-4B82-A645-A5226A8DAEBB", "versionEndExcluding": "13.7.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "D05DCA25-A1A0-4AEA-9F31-952803114EE2", "versionEndExcluding": "14.7.5", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "1320B815-0457-4276-83B9-AFAFDAF17EDA", "versionEndExcluding": "15.4", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de permisos mejorando la validaci\u00f3n. Este problema se solucion\u00f3 en macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sequoia 15.4 y macOS Sonoma 14.7.5. Un acceso directo podr\u00eda acceder a archivos que normalmente no son accesibles desde la app Accesos directos."}], "id": "CVE-2025-30465", "lastModified": "2025-04-04T18:16:13.317", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-03-31T23:15:27.873", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122372"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122373"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122374"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122375"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-276"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}