← Zuruck zu CVEs

CVE-2025-30448

CRITICAL

9.1

Beschreibung

This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication.

CVE Details

CVSS v3.1 Bewertung9.1

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht5/12/2025

Zuletzt geandert4/2/2026

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

apple:ipadosapple:iphone_osapple:macosapple:visionos

Schwachen (CWE)

CWE-862

Referenzen

https://support.apple.com/en-us/122373(product-security@apple.com)

https://support.apple.com/en-us/122404(product-security@apple.com)

https://support.apple.com/en-us/122405(product-security@apple.com)

https://support.apple.com/en-us/122717(product-security@apple.com)

https://support.apple.com/en-us/122718(product-security@apple.com)

https://support.apple.com/en-us/122721(product-security@apple.com)

http://seclists.org/fulldisclosure/2025/May/12(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2025/May/6(af854a3a-2127-422b-91ae-364da2661108)

http://seclists.org/fulldisclosure/2025/May/9(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.