CVE-2025-30465

Description

A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5, macOS Sonoma 14.8.2, macOS Tahoe 26.1, macOS Ventura 13.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Apple / iPadOS0 – 17.7.6
Apple / macOS0 – 13.7.5
Apple / macOS0 – 14.7.5
Apple / macOS0 – 14.8.2
Apple / macOS0 – 15.4
Apple / macOS0 – 15.7.2
Apple / macOS0 – 26.1

References

VENDOR_ADVISORYhttps://support.apple.com/en-us/122372
VENDOR_ADVISORYhttps://support.apple.com/en-us/122373
VENDOR_ADVISORYhttps://support.apple.com/en-us/122374
VENDOR_ADVISORYhttps://support.apple.com/en-us/122375
VENDOR_ADVISORYhttps://support.apple.com/en-us/125634
VENDOR_ADVISORYhttps://support.apple.com/en-us/125635
VENDOR_ADVISORYhttps://support.apple.com/en-us/125636