CVE-2025-30448: This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5,...
9.1
CVSS
Description
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.
Classification
CVE ID: CVE-2025-30448
CVSS Base Severity: CRITICAL
CVSS Base Score: 9.1
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Problem Types
An attacker may be able to turn on sharing of an iCloud folder without authenticationAffected Products
Vendor: Apple
Product: iPadOS, iOS and iPadOS, macOS, visionOS
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.13% (probability of being exploited)
EPSS Percentile: 33.67% (scored less or equal to compared to others)
EPSS Date: 2025-06-07 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-30448https://support.apple.com/en-us/122405
https://support.apple.com/en-us/122404
https://support.apple.com/en-us/122717
https://support.apple.com/en-us/122721
https://support.apple.com/en-us/122718
https://support.apple.com/en-us/122373