Cyber Resilience

CVE-2025-30461

Critical

Published: 31 March 2025

Modified: 03 November 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (64.5th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-30461 is a critical-severity Missing Authorization (CWE-862) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Clipboard Data (T1115). The CVE ranks in the top 35.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-39 (Process Isolation).

Deeper analysis

CVE-2025-30461 is an access control vulnerability (CWE-862: Missing Authorization) affecting macOS versions prior to Sequoia 15.4, specifically involving insufficient sandbox restrictions on system pasteboards. This flaw allows a malicious app to access protected user data that should otherwise be isolated from application sandboxes.

The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable over a network with low complexity, no privileges or user interaction required, and high impacts on confidentiality, integrity, and availability. A remote attacker can craft and distribute a malicious app that, once installed and executed by the user, bypasses sandbox protections to read sensitive data from system pasteboards.

Apple's security advisory (https://support.apple.com/en-us/122373) confirms the issue was addressed in macOS Sequoia 15.4 through additional sandbox restrictions on system pasteboards. Additional details appear in a Full Disclosure mailing list post (http://seclists.org/fulldisclosure/2025/Apr/8). Security practitioners should prioritize updating affected macOS systems and advise users to avoid untrusted apps.


Vulnerability details

An access issue was addressed with additional sandbox restrictions on the system pasteboards. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1115 Clipboard Data · Collection
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Why these techniques?

The vulnerability directly enables bypassing macOS sandbox restrictions to read sensitive data from system pasteboards, facilitating T1115 Clipboard Data collection.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24241 · Same product: Apple macOS
CVE-2025-24259 · Same product: Apple macOS
CVE-2025-31194 · Same product: Apple macOS
CVE-2025-24245 · Same product: Apple macOS
CVE-2025-24181 · Same product: Apple macOS
CVE-2025-24249 · Same product: Apple macOS
CVE-2025-24265 · Same product: Apple macOS
CVE-2025-24109 · Same product: Apple macOS
CVE-2025-24170 · Same product: Apple macOS
CVE-2025-24256 · Same product: Apple macOS

Affected Assets

apple · macos · ≤ 15.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Prevents unauthorized information transfer via shared system resources like system pasteboards, directly addressing the sandbox bypass allowing app access to protected user data.

prevent

Enforces approved authorizations for access to system resources, mitigating the missing authorization that permitted malicious apps to read protected pasteboard data.

prevent

Maintains process isolation through sandboxing, countering the insufficient restrictions that allowed apps to escape isolation and access protected user data.
