Cyber Posture

CVE-2025-30458

Critical

Published: 31 March 2025

Published
31 March 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0090 75.8th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30458 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in Apple Macos. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 24.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-25 (Reference Monitor) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for logical access to files, directly preventing apps from reading outside sandbox boundaries as exploited in this CVE.

AC-25 Reference Monitor good match
prevent

Implements a reference monitor mechanism to mediate and enforce sandbox access control policies against unauthorized file reads.

SC-39 Process Isolation good match
prevent

Maintains process isolation domains essential for sandboxing, mitigating bypasses that allow inter-process file access violations.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
Why these techniques?

Sandbox bypass via permissions flaw directly enables exploitation for privilege escalation (T1068) and facilitates unauthorized access to local files/data (T1005).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read files outside of its sandbox.

Deeper analysisAI

CVE-2025-30458 is a permissions issue in macOS that allows an app to read files outside of its sandbox. The vulnerability affects macOS versions prior to Sequoia 15.4 and is classified under CWE-125. It was published on 2025-03-31 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

A remote attacker requires no privileges or user interaction and can exploit the issue over the network with low attack complexity and unchanged scope. Successful exploitation enables the app to bypass sandbox restrictions, potentially leading to high impacts on confidentiality, integrity, and availability.

Apple addressed the permissions issue with additional restrictions, and the fix is included in macOS Sequoia 15.4. Additional details are available in the Apple security advisory at https://support.apple.com/en-us/122373 and the Full Disclosure mailing list posting at http://seclists.org/fulldisclosure/2025/Apr/8.

Details

CWE(s)
CWE-125

Affected Products

apple
macos
≤ 15.4

CVEs Like This One

CVE-2025-24228Same product: Apple Macos
CVE-2026-28832Same product: Apple Macos
CVE-2025-24196Same product: Apple Macos
CVE-2024-44199Same product: Apple Macos
CVE-2025-24256Same product: Apple Macos
CVE-2026-20620Same product: Apple Macos
CVE-2025-43198Same product: Apple Macos
CVE-2025-24265Same product: Apple Macos
CVE-2025-24267Same product: Apple Macos
CVE-2026-28817Same product: Apple Macos

References