CVE-2025-30430
Published: 31 March 2025
Summary
CVE-2025-30430 is a critical-severity Improper Authentication (CWE-287) vulnerability in Apple Ipados. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Credentials from Web Browsers (T1555.003); ranked at the 31.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-24 (Fail in Known State).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations to prevent password autofill after authentication failure due to improper state management.
Requires the system to fail to a known secure state after authentication failure, directly addressing the improper state management in password autofill.
Mandates re-authentication for sensitive actions like password autofill to mitigate risks from failed prior authentication states.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability in Apple's password autofill allows passwords to be filled despite failed authentication due to improper state management, directly enabling unauthorized access to stored passwords from web browsers or password managers.
NVD Description
This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. Password autofill may fill in passwords after failing authentication.
Deeper analysisAI
CVE-2025-30430 is a critical vulnerability in Apple's password autofill feature, where passwords may be automatically filled even after authentication fails due to improper state management. This issue affects iOS versions prior to 18.4, iPadOS prior to 18.4, macOS Sequoia prior to 15.4, visionOS prior to 2.4, and watchOS prior to 11.4. Classified under CWE-287 (Improper Authentication), it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-31.
A remote attacker requires no privileges or user interaction and can exploit the flaw over the network with low attack complexity. Successful exploitation enables high-impact compromise of confidentiality, integrity, and availability, potentially allowing unauthorized access to stored passwords through the autofill mechanism despite failed authentication checks.
Apple advisories confirm the issue was addressed via improved state management in iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, and watchOS 11.4. Security practitioners should prioritize updating affected devices to these versions, with further details available in Apple's security content at support.apple.com/en-us/122371, support.apple.com/en-us/122373, support.apple.com/en-us/122376, support.apple.com/en-us/122378, and seclists.org/fulldisclosure/2025/Apr/12.
Details
- CWE(s)