← Volver a CVEs

CVE-2025-30448

CRITICAL

9.1

Descripcion

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication.

Detalles CVE

Puntuacion CVSS v3.19.1

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado5/12/2025

Ultima modificacion4/2/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

apple:ipadosapple:iphone_osapple:macosapple:visionos

Debilidades (CWE)

CWE-862

Referencias

https://support.apple.com/en-us/122373(product-security@apple.com)

https://support.apple.com/en-us/122404(product-security@apple.com)

https://support.apple.com/en-us/122405(product-security@apple.com)

https://support.apple.com/en-us/122717(product-security@apple.com)

https://support.apple.com/en-us/122718(product-security@apple.com)

https://support.apple.com/en-us/122721(product-security@apple.com)

http://seclists.org/fulldisclosure/2025/May/12(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2025/May/6(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2025/May/9(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.