Cyber Posture

CVE-2025-30456

High

Published: 31 March 2025

Published
31 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0003 9.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30456 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation of directory path inputs to prevent parsing issues that enable apps to escalate to root privileges.

SI-2 Flaw Remediation good match
prevent

Mandates timely remediation of flaws like the path parsing vulnerability through patching as provided in specified iOS and macOS updates.

AC-3 Access Enforcement partial match
prevent

Enforces access control policies that path validation supports, mitigating unauthorized root access by unprivileged apps.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

The CVE describes a local privilege escalation vulnerability via improper directory path parsing/validation, allowing an unprivileged app to gain root access; this directly maps to T1068 Exploitation for Privilege Escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to…

more

gain root privileges.

Deeper analysisAI

CVE-2025-30456 is a parsing issue in the handling of directory paths that was addressed through improved path validation. The vulnerability affects Apple's iOS and iPadOS prior to version 18.4, as well as macOS Sequoia prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. It is classified under CWE-281 and has a CVSS v3.1 base score of 7.8.

The vulnerability can be exploited by a local attacker with no privileges required, though it demands low complexity and user interaction. Successful exploitation allows an app to elevate privileges to root level, potentially granting high-impact confidentiality, integrity, and availability compromises within the unchanged scope.

Apple's security advisories detail the fixes in the specified OS updates, recommending users apply patches immediately to mitigate the issue. Relevant documentation is available at support.apple.com/en-us/122371, support.apple.com/en-us/122373, support.apple.com/en-us/122374, support.apple.com/en-us/122375, and seclists.org/fulldisclosure/2025/Apr/10.

Details

CWE(s)
CWE-281

Affected Products

apple
ipados
≤ 18.4
apple
iphone os
≤ 18.4
apple
macos
≤ 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

CVEs Like This One

CVE-2025-31184Same product: Apple Ipados
CVE-2025-30449Same product: Apple Macos
CVE-2026-20667Same product: Apple Ipados
CVE-2025-24238Same product: Apple Ipados
CVE-2026-20688Same product: Apple Ipados
CVE-2025-24178Same product: Apple Ipados
CVE-2026-20626Same product: Apple Ipados
CVE-2024-44227Same product: Apple Ipados
CVE-2026-20615Same product: Apple Ipados
CVE-2025-24154Same product: Apple Ipados

References