CVE-2025-30454
Description
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, tvOS 18.4, watchOS 11.4. A malicious app may be able to access private information.
CWE
- CWE-200 — CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Affected
- Apple / iOS and iPadOS — v=0 <18.4 [affected]
- Apple / macOS — v=0 <14.7.5 [affected]; v=0 <15.4 [affected]
- Apple / tvOS — v=0 <18.4 [affected]
- Apple / watchOS — v=0 <11.4 [affected]
CVSS
- (none)
References
- https://support.apple.com/en-us/122371
- https://support.apple.com/en-us/122373
- https://support.apple.com/en-us/122374
- https://support.apple.com/en-us/122376
- https://support.apple.com/en-us/122377
Source
cvelistV5-main/cves/2025/30xxx/CVE-2025-30454.json