{"api_version":"1","generated_at":"2026-04-23T02:16:19+00:00","cve":"CVE-2025-30448","urls":{"html":"https://cve.report/CVE-2025-30448","api":"https://cve.report/api/cve/CVE-2025-30448.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-30448","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-30448"},"summary":{"title":"CVE-2025-30448","description":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication.","state":"PUBLISHED","assigner":"apple","published_at":"2025-05-12 22:15:21","updated_at":"2026-04-02 19:19:38"},"problem_types":["CWE-862","An attacker may be able to turn on sharing of an iCloud folder without authentication","CWE-862 CWE-862 Missing Authorization"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"9.1","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"9.1","severity":"CRITICAL","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"}}],"references":[{"url":"https://support.apple.com/en-us/122718","name":"https://support.apple.com/en-us/122718","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2025/May/6","name":"http://seclists.org/fulldisclosure/2025/May/6","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/122404","name":"https://support.apple.com/en-us/122404","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/122717","name":"https://support.apple.com/en-us/122717","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2025/May/9","name":"http://seclists.org/fulldisclosure/2025/May/9","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/122373","name":"https://support.apple.com/en-us/122373","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/122405","name":"https://support.apple.com/en-us/122405","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/122721","name":"https://support.apple.com/en-us/122721","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2025/May/12","name":"http://seclists.org/fulldisclosure/2025/May/12","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-30448","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-30448","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apple","product":"iOS and iPadOS","version":"affected 18.5 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"iPadOS","version":"affected 17.7.7 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 13.7.6 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 14.7.6 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 15.4 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"visionOS","version":"affected 2.5 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"30448","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.1,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2025-30448","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-05-14T16:29:01.467979Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862 Missing Authorization","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-05-14T16:30:02.707Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2025-11-03T19:47:15.907Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"http://seclists.org/fulldisclosure/2025/May/12"},{"url":"http://seclists.org/fulldisclosure/2025/May/9"},{"url":"http://seclists.org/fulldisclosure/2025/May/6"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"iOS and iPadOS","vendor":"Apple","versions":[{"lessThan":"18.5","status":"affected","version":"0","versionType":"custom"}]},{"product":"iPadOS","vendor":"Apple","versions":[{"lessThan":"17.7.7","status":"affected","version":"0","versionType":"custom"}]},{"product":"macOS","vendor":"Apple","versions":[{"lessThan":"13.7.6","status":"affected","version":"0","versionType":"custom"},{"lessThan":"14.7.6","status":"affected","version":"0","versionType":"custom"},{"lessThan":"15.4","status":"affected","version":"0","versionType":"custom"}]},{"product":"visionOS","vendor":"Apple","versions":[{"lessThan":"2.5","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication."}],"problemTypes":[{"descriptions":[{"description":"An attacker may be able to turn on sharing of an iCloud folder without authentication","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-04-02T18:12:16.440Z","orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple"},"references":[{"url":"https://support.apple.com/en-us/122373"},{"url":"https://support.apple.com/en-us/122404"},{"url":"https://support.apple.com/en-us/122405"},{"url":"https://support.apple.com/en-us/122717"},{"url":"https://support.apple.com/en-us/122718"},{"url":"https://support.apple.com/en-us/122721"}]}},"cveMetadata":{"assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","cveId":"CVE-2025-30448","datePublished":"2025-05-12T21:42:26.699Z","dateReserved":"2025-03-22T00:04:43.719Z","dateUpdated":"2026-04-02T18:12:16.440Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-05-12 22:15:21","lastModifiedDate":"2026-04-02 19:19:38","problem_types":["CWE-862","An attacker may be able to turn on sharing of an iCloud folder without authentication","CWE-862 CWE-862 Missing Authorization"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"17.7.7","matchCriteriaId":"683ECAF8-DB29-40DB-963A-B95EA2A2AC01"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionStartIncluding":"18.0","versionEndExcluding":"18.5","matchCriteriaId":"069735D6-38B4-402A-9E79-1961701C9AD3"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"18.5","matchCriteriaId":"AF6AAC00-F384-4B0D-BBA9-C2AD278BF653"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"13.7.6","matchCriteriaId":"A90AA958-60F3-474C-B351-0F143B498B3E"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndExcluding":"14.7.6","matchCriteriaId":"0EE6D3FD-8A49-48CF-80A3-0FFC6BA80B99"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.4","matchCriteriaId":"1320B815-0457-4276-83B9-AFAFDAF17EDA"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5","matchCriteriaId":"047CDCCE-04BB-4D43-9831-7694992C5CC4"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"30448","Ordinal":"1","Title":"CVE-2025-30448","CVE":"CVE-2025-30448","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"30448","Ordinal":"1","NoteData":"This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6, visionOS 2.5. An attacker may be able to turn on sharing of an iCloud folder without authentication.","Type":"Description","Title":"CVE-2025-30448"}]}}}