Cyber Posture

CVE-2025-30460
Severity: High

Published: 31 March 2025
Modified: 02 April 2026
KEV Added: not listed
Patch: available (fixed versions are listed under NVD Description below)
CVSS Score: 7.4 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
EPSS Score: 0.0010 (26.8th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-30460 is a high-severity Improper Access Control (CWE-284) vulnerability in Apple macOS. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique TCC Manipulation (T1548.006). The vulnerability ranks at the 26.8th percentile by EPSS exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to TCC Manipulation (T1548.006) and one other technique, Data from Local System (T1005). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

- AC-3 Access Enforcement (prevent): Directly enforces approved authorizations to prevent apps from bypassing permissions and accessing protected user data.
- SI-2 Flaw Remediation (prevent): Requires identification, reporting, and correction of flaws like this permissions vulnerability via patching to the fixed macOS versions.
- AC-6 Least Privilege (prevent): Employs least privilege to limit app access to only the resources it needs, mitigating excessive permissions on protected user data.

MITRE ATT&CK Enterprise Techniques [AI]

- T1548.006 TCC Manipulation (Privilege Escalation): Adversaries can manipulate or abuse the Transparency, Consent, & Control (TCC) service or database to grant malicious executables elevated permissions.
- T1005 Data from Local System (Collection): Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

The vulnerability is a macOS permissions bypass (CWE-284) allowing unauthorized access to protected user data due to inadequate enforcement; this directly facilitates abuse of the TCC access control framework (T1548.006) and enables collection of sensitive data from the local system (T1005).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

NVD Description

A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to access protected user data.

Deeper analysis [AI]

CVE-2025-30460 is a permissions issue, classified under CWE-284 (Improper Access Control), affecting macOS versions prior to Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. The vulnerability enables an app to access protected user data due to inadequate permission enforcement.

The CVSS v3.1 base score of 7.4 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) indicates that unauthenticated attackers can exploit it over a network with no user interaction or privileges required, though it demands high attack complexity. Successful exploitation has a high impact on the confidentiality and integrity of protected user data, with no availability impact.

Apple's security advisories detail the fix, which removes vulnerable code and adds additional checks. Systems should be updated to macOS Sequoia 15.4, macOS Sonoma 14.7.5, or macOS Ventura 13.7.5 for mitigation, as outlined in support documents at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, and https://support.apple.com/en-us/122375, with further discussion in Full Disclosure archives.

Details

CWE(s): CWE-284 (Improper Access Control)

Affected Products: Apple macOS, versions ≤ 13.7.5, 14.0 to 14.7.5, and 15.0 to 15.4

CVEs Like This One

- CVE-2025-24229 (same product: Apple macOS)
- CVE-2026-28837 (same product: Apple macOS)
- CVE-2025-43232 (same product: Apple macOS)
- CVE-2025-43184 (same product: Apple macOS)
- CVE-2025-43198 (same product: Apple macOS)
- CVE-2025-24241 (same product: Apple macOS)
- CVE-2026-20622 (same product: Apple macOS)
- CVE-2025-30462 (same product: Apple macOS)
- CVE-2025-43192 (same product: Apple macOS)
- CVE-2025-43194 (same product: Apple macOS)
