Cyber Posture

CVE-2025-30437

High

Published: 31 March 2025

Published
31 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0015 34.9th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30437 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Apple Macos. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 34.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses the bounds checking failure (CWE-119) by enforcing comprehensive input validation to prevent invalid inputs from corrupting coprocessor memory.

SI-16 Memory Protection good match
prevent

Provides memory protection mechanisms that safeguard coprocessor memory from unauthorized access or corruption by malicious apps exploiting bounds errors.

SI-2 Flaw Remediation good match
prevent

Mandates timely flaw remediation through patching, as demonstrated by the fix in macOS Sequoia 15.4 for this specific vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Remote network-exploitable bounds checking vulnerability (CWE-119) in macOS allowing coprocessor memory corruption with no privileges or user interaction required directly maps to exploiting a public-facing application for initial access and code execution.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.

Deeper analysisAI

CVE-2025-30437 is a bounds checking vulnerability (CWE-119) affecting macOS prior to Sequoia 15.4, where an app could corrupt coprocessor memory due to insufficient validation of input bounds. The issue was addressed through improved bounds checks, as detailed in Apple's security advisory.

Remote attackers can exploit this vulnerability over the network (AV:N) without privileges (PR:N) or user interaction (UI:N), though it requires high attack complexity (AC:H). Successful exploitation allows high-impact confidentiality (C:H) and integrity (I:H) violations with no availability impact (A:N) and unchanged scope (S:U), enabling an app to corrupt coprocessor memory, potentially leading to unauthorized data access or modification.

Apple's advisory at https://support.apple.com/en-us/122373 confirms the fix in macOS Sequoia 15.4, recommending immediate updates to mitigate the issue. Additional details appear in the Full Disclosure mailing list at http://seclists.org/fulldisclosure/2025/Apr/8.

Details

CWE(s)
CWE-119

Affected Products

apple
macos
15.0 — 15.4

CVEs Like This One

CVE-2025-43193Same product: Apple Macos
CVE-2025-43264Same product: Apple Macos
CVE-2025-43237Same product: Apple Macos
CVE-2025-24247Same product: Apple Macos
CVE-2025-24260Same product: Apple Macos
CVE-2025-31194Same product: Apple Macos
CVE-2025-24253Same product: Apple Macos
CVE-2025-24269Same product: Apple Macos
CVE-2025-30452Same product: Apple Macos
CVE-2025-24256Same product: Apple Macos

References