Cyber Posture

CVE-2025-30464

High

Published: 31 March 2025

Published
31 March 2025
Modified
02 April 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0007 21.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30464 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple Macos. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 21.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses the root cause of the out-of-bounds write by enforcing bounds checking and validation of inputs to prevent kernel memory corruption.

SI-16 Memory Protection good match
prevent

Implements memory safeguards like non-executable memory and address randomization to protect kernel memory from corruption by malicious apps.

SI-2 Flaw Remediation good match
prevent

Ensures timely identification, reporting, and patching of flaws like this out-of-bounds write vulnerability as demonstrated by Apple's updates.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

The kernel out-of-bounds write allows local memory corruption via a malicious app (no privileges required), directly enabling exploitation for privilege escalation to kernel context.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory.

Deeper analysisAI

CVE-2025-30464 is an out-of-bounds write vulnerability (CWE-787) affecting Apple's macOS operating system. It impacts macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5. The issue stems from insufficient bounds checking and was addressed with improvements to bounds validation.

The vulnerability carries a CVSS v3.1 base score of 7.8 (High), with the vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. A local attacker requires no privileges but needs user interaction, such as running a malicious app, to exploit it with low attack complexity. Successful exploitation enables the app to cause unexpected system termination or corrupt kernel memory.

Apple's security advisories confirm the vulnerability was fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5 through enhanced bounds checking. Further details on the patches and affected components are provided in the referenced support pages from Apple and full disclosure postings on seclists.org.

Details

CWE(s)
CWE-787

Affected Products

apple
macos
≤ 13.7.5 · 14.0 — 14.7.5 · 15.0 — 15.4

CVEs Like This One

CVE-2024-54509Same product: Apple Macos
CVE-2025-24231Same product: Apple Macos
CVE-2025-24273Same product: Apple Macos
CVE-2026-28825Same product: Apple Macos
CVE-2025-24170Same product: Apple Macos
CVE-2026-20658Same product: Apple Macos
CVE-2026-20610Same product: Apple Macos
CVE-2025-43275Same product: Apple Macos
CVE-2024-54546Same product: Apple Macos
CVE-2024-44305Same product: Apple Macos

References