CVE-2025-30431
Analyzed
Analyzed - Analysis Complete
Improper Access Control in macOS
Vulnerability report for CVE-2025-30431, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-11
Last updated on: 2026-06-12
Assigner: Apple Inc.
Description
Description
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | From 13.0 (inc) to 13.7.5 (exc) |
| apple | macos | From 14.0 (inc) to 14.7.5 (exc) |
| apple | macos | From 15.0 (inc) to 15.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |