CVE-2025-30433
Published: 31 March 2025
Summary
CVE-2025-30433 is a critical-severity Improper Access Control (CWE-284) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 35.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Enforces approved authorizations for logical access to system resources such as files, directly addressing the Shortcuts app's improper access restrictions.
- Implements a tamper-resistant reference monitor to enforce access control policies, mitigating bypasses of file access restrictions in the Shortcuts app.
- Applies least privilege to processes like the Shortcuts app, preventing access to normally inaccessible files.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability bypasses access restrictions in the Shortcuts app, enabling a malicious shortcut to read, modify, and delete normally inaccessible files, which directly maps to data access from local system, data destruction, and stored data manipulation.
NVD Description
This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
Deeper analysis
CVE-2025-30433 is a vulnerability in Apple's Shortcuts app that allows a shortcut to access files normally inaccessible to the app due to improper access restrictions (CWE-284). It affects iOS versions prior to 18.4, iPadOS versions prior to 18.4 and 17.7.6, macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, macOS Ventura prior to 13.7.5, visionOS prior to 2.4, and watchOS prior to 11.4. The issue, published on 2025-03-31, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity.
Attackers with network access can exploit this vulnerability with low complexity, no required privileges, and no user interaction. Successful exploitation enables high-impact violations of confidentiality, integrity, and availability, allowing unauthorized access to, modification of, or deletion of sensitive files through a malicious shortcut.
Apple advisories state the issue was addressed with improved access restrictions in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, and watchOS 11.4. Security practitioners should prioritize updating affected devices and review the detailed release notes in Apple's support documents at https://support.apple.com/en-us/122371, https://support.apple.com/en-us/122372, https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375.
Details
- CWE(s)