Cyber Resilience

CVE-2025-30444

Critical

Published: 31 March 2025

Published
31 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0016 36.2th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30444 is a critical-severity Race Condition (CWE-362) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 36.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-30444 is a race condition vulnerability (CWE-362) addressed through improved locking mechanisms in Apple's macOS operating system. It affects macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The issue arises in the component handling SMB network shares, where mounting a maliciously crafted SMB share can trigger the race condition.

With a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), the vulnerability enables remote exploitation over the network with low complexity, no required privileges, and no user interaction. An unauthenticated attacker can craft and host a malicious SMB share, leading a target system to mount it and suffer high-impact consequences, including system termination.

Apple's security advisories confirm the fix in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5, recommending immediate updates to mitigate the risk. Further technical details and potential proof-of-concept information appear in the referenced Apple support pages (https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375) and Full Disclosure mailing list archives (http://seclists.org/fulldisclosure/2025/Apr/10, http://seclists.org/fulldisclosure/2025/Apr/8).

EU & UK References

Vulnerability details

A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The race condition in macOS SMB share handling allows remote unauthenticated exploitation via a malicious SMB share, directly resulting in system termination (high availability impact) through application/system exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-43244Same product: Apple Macos
CVE-2025-24265Same product: Apple Macos
CVE-2026-28924Same product: Apple Macos
CVE-2026-28842Same product: Apple Macos
CVE-2024-40849Same product: Apple Macos
CVE-2026-28891Same product: Apple Macos
CVE-2025-24139Same product: Apple Macos
CVE-2026-28817Same product: Apple Macos
CVE-2025-43275Same product: Apple Macos
CVE-2025-31188Same product: Apple Macos

Affected Assets

apple
macos
13.0 — 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Applying vendor-specific patches, such as macOS updates to Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5, directly remediates the race condition in SMB share handling.

prevent

Boundary protection mechanisms block unauthorized inbound SMB traffic from untrusted networks, preventing systems from mounting malicious shares that trigger the race condition.

prevent

Secure configuration settings for SMB client functionality, such as requiring authentication and disabling guest access or auto-mounting, reduce exposure to maliciously crafted shares.

References