CVE-2025-30433

9.8 CRITICAL

📋 TL;DR

This vulnerability allows malicious shortcuts in Apple's Shortcuts app to bypass file access restrictions and read sensitive files that should be inaccessible. It affects users of visionOS, macOS, iOS, and iPadOS who have not updated to the patched versions. Attackers could exploit this to steal confidential data from compromised devices.

💻 Affected Systems

Products:
  • visionOS
  • macOS
  • iOS
  • iPadOS
Versions: All versions before the patched releases
Operating Systems: visionOS, macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects devices with Shortcuts app functionality enabled. The vulnerability exists in the access control mechanism between Shortcuts and the file system.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could create a malicious shortcut that exfiltrates sensitive files (passwords, documents, credentials) from the device, leading to complete data compromise and potential identity theft.

🟠 Likely Case

Malicious shortcuts distributed through social engineering or compromised sources could access user documents, photos, or app data that should be protected by sandboxing.

🟢 If Mitigated

With proper app sandboxing and user permission controls, only files explicitly granted to the Shortcuts app would be accessible, limiting data exposure.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to install/run a malicious shortcut. No public exploit code has been disclosed as of the advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: visionOS 2.4, macOS Ventura 13.7.5, iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5

Vendor Advisory: https://support.apple.com/en-us/122371

Restart Required: Yes

Instructions:

1. Open Settings > General > Software Update on iOS/iPadOS/visionOS or System Settings > General > Software Update on macOS.
2. Download and install the available update.
3. Restart the device when prompted.

🔧 Temporary Workarounds

Disable Shortcuts App (platforms: all)

Temporarily disable or restrict the Shortcuts app to prevent exploitation until patching is possible.

Restrict Shortcut Installation (platforms: all)

Configure device policies to only allow trusted shortcuts and prevent installation from untrusted sources.

🧯 If You Can't Patch

  • Implement mobile device management (MDM) policies to restrict shortcut installation and execution.
  • Educate users to only install shortcuts from trusted sources and avoid unknown or suspicious shortcuts.

🔍 How to Verify

Check if Vulnerable:

Check the device's operating system version against the patched versions listed in the advisory.

Check Version:

iOS/iPadOS/visionOS: Settings > General > About > Software Version. macOS: Apple menu > About This Mac > macOS version.

Verify Fix Applied:

Confirm the device is running one of the patched versions: visionOS 2.4+, macOS Ventura 13.7.5+, iOS 18.4+, iPadOS 18.4+, iPadOS 17.7.6+, macOS Sequoia 15.4+, or macOS Sonoma 14.7.5+.
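The version check above, applied per release branch to a device inventory, as an added example (not part of the advisory or of any Apple tooling). The inventory rows are constructed, and the handling of branches that have no fixed release listed on this page is an assumption stated in the code.

```python
# Fixed releases from the page's "Patch Version" line, keyed by product and major branch.
FIXED = {
    "visionos": {2: (2, 4, 0)},
    "macos": {13: (13, 7, 5), 14: (14, 7, 5), 15: (15, 4, 0)},
    "ios": {18: (18, 4, 0)},
    "ipados": {17: (17, 7, 6), 18: (18, 4, 0)},
}


def parse_version(text):
    """'15.4' -> (15, 4, 0); components compare numerically, so 18.10 > 18.4."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def classify(product, version):
    """Return 'patched', 'vulnerable', 'no-fix-listed', or 'unknown'."""
    branches = FIXED.get(product.strip().lower())
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"
    if branches is None:
        return "unknown"
    if v[0] in branches:
        return "patched" if v >= branches[v[0]] else "vulnerable"
    # Assumption: a major release newer than every listed branch includes the fix;
    # an older branch has no fixed release on the page and needs a major upgrade.
    return "patched" if v[0] > max(branches) else "no-fix-listed"


def audit(inventory):
    """Return (host, product, version, status) for every device not confirmed patched."""
    rows = [(h, p, v, classify(p, v)) for h, p, v in inventory]
    return [r for r in rows if r[3] != "patched"]


# Constructed sample inventory (hostnames and versions are made up for illustration).
INVENTORY = [
    ("mac-01", "macOS", "15.3.2"),
    ("mac-02", "macOS", "14.7.5"),
    ("mac-03", "macOS", "12.7.6"),
    ("ipad-01", "iPadOS", "17.7.6"),
    ("phone-01", "iOS", "17.7.2"),
    ("phone-02", "iOS", "18.10"),
    ("avp-01", "visionOS", "2.3.2"),
]

if __name__ == "__main__":
    for host, product, version, status in audit(INVENTORY):
        print(f"{host}: {product} {version} -> {status}")
```

Devices reported as `no-fix-listed` sit on a branch for which this page names no patched release, so they need a move to a listed branch rather than a point update.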

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns by the Shortcuts app
  • Shortcuts accessing files outside their expected sandbox

Network Indicators:

  • Unexpected data exfiltration from devices running vulnerable versions

SIEM Query:

Search for Shortcuts app process accessing sensitive file paths or unusual file I/O patterns on Apple devices.
