Cyber Posture

CVE-2025-30461

Critical

Published: 31 March 2025

Modified: 03 November 2025
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0039 (60.1th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-30461 is a critical-severity Missing Authorization (CWE-862) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Clipboard Data (T1115). The CVE ranks in the top 39.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-39 (Process Isolation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Clipboard Data (T1115). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Prevents unauthorized information transfer via shared system resources like system pasteboards, directly addressing the sandbox bypass allowing app access to protected user data.

prevent: Enforces approved authorizations for access to system resources, mitigating the missing authorization that permitted malicious apps to read protected pasteboard data.

prevent: Maintains process isolation through sandboxing, countering the insufficient restrictions that allowed apps to escape isolation and access protected user data.

MITRE ATT&CK Enterprise Techniques

T1115 Clipboard Data (Collection)
Adversaries may collect data stored in the clipboard from users copying information within or between applications.

Why these techniques?

The vulnerability directly enables bypassing macOS sandbox restrictions to read sensitive data from system pasteboards, facilitating T1115 Clipboard Data collection.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.

Deeper analysis

CVE-2025-30461 is an access control vulnerability (CWE-862: Missing Authorization) affecting macOS versions prior to Sequoia 15.4, specifically involving insufficient sandbox restrictions on system pasteboards. This flaw allows a malicious app to access protected user data that should otherwise be isolated from application sandboxes.

The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable over a network with low complexity, no privileges or user interaction required, and high impacts on confidentiality, integrity, and availability. A remote attacker can craft and distribute a malicious app that, once installed and executed by the user, bypasses sandbox protections to read sensitive data from system pasteboards.

Apple's security advisory (https://support.apple.com/en-us/122373) confirms the issue was addressed in macOS Sequoia 15.4 through additional sandbox restrictions on system pasteboards. Additional details appear in a Full Disclosure mailing list post (http://seclists.org/fulldisclosure/2025/Apr/8). Security practitioners should prioritize updating affected macOS systems and advise users to avoid untrusted apps.

Details

CWE(s)

CWE-862 (Missing Authorization)

Affected Products

apple macos ≤ 15.4

CVEs Like This One

CVE-2025-24245 (same product: Apple macOS)
CVE-2025-24241 (same product: Apple macOS)
CVE-2025-24259 (same product: Apple macOS)
CVE-2025-24249 (same product: Apple macOS)
CVE-2025-24181 (same product: Apple macOS)
CVE-2025-31194 (same product: Apple macOS)
CVE-2025-30452 (same product: Apple macOS)
CVE-2025-43219 (same product: Apple macOS)
CVE-2025-43189 (same product: Apple macOS)
CVE-2025-24267 (same product: Apple macOS)
