CVE-2025-30438

5.5 MEDIUM

📋 TL;DR

This vulnerability allows a malicious app to dismiss the system notification that appears on the Lock Screen when recording starts, potentially hiding unauthorized recording activity. It affects Apple devices running vulnerable versions of visionOS, macOS, tvOS, iOS, and iPadOS. Users who haven't updated to the patched versions are at risk.

💻 Affected Systems

Products:
  • visionOS
  • macOS
  • tvOS
  • iOS
  • iPadOS
Versions: prior to visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5
Operating Systems: Apple visionOS, Apple macOS, Apple tvOS, Apple iOS, Apple iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. Requires malicious app installation.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could secretly record audio/video without user awareness, enabling surveillance, data theft, or blackmail.

🟠 Likely Case

Malicious apps could hide recording notifications, violating user privacy expectations and potentially capturing sensitive information.

🟢 If Mitigated

With proper patching, the notification remains visible, allowing users to be aware of recording activity.

🌐 Internet-Facing: LOW - This is a local app vulnerability requiring malicious app installation, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Malicious apps could be installed through social engineering, sideloading, or enterprise distribution channels.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to install a malicious app. No public exploit details available. Apple has addressed this in security updates.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5

Vendor Advisory: https://support.apple.com/en-us/122371

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update.
2. Download and install the latest update for your device.
3. Restart your device when prompted.

🔧 Temporary Workarounds

Restrict App Installation Sources

all

Only install apps from the official App Store to reduce risk of malicious apps.

Disable Lock Screen Notifications for Recording

all

While not ideal, disabling lock screen notifications for recording apps reduces the attack surface.

🧯 If You Can't Patch

  • Monitor for suspicious app behavior and review app permissions regularly.
  • Implement mobile device management (MDM) to control app installation and enforce security policies.

🔍 How to Verify

Check if Vulnerable:

Check your device version in Settings > General > About. Compare with patched versions listed in the advisory.

Check Version:

Settings > General > About > Version (iOS/iPadOS/tvOS/visionOS) or About This Mac > macOS version

Verify Fix Applied:

After updating, verify the version matches or exceeds the patched versions. Test recording notification behavior.
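For Mac fleets, the version comparison above is easy to get wrong by hand because each macOS line has its own patched minimum (Ventura 13.7.5, Sonoma 14.7.5, Sequoia 15.4, as listed under Affected Systems). The script below is an added example, not code from the advisory or from Apple: it maps the installed major version to the patched minimum for that line and compares component by component. It reads the installed version with `sw_vers -productVersion` (an Apple command) when run on a Mac; on any other system it only defines the functions. Release lines the advisory does not name (for example macOS 12) are reported as "unlisted" rather than guessed at.

```shell
#!/bin/sh
# Added example (not from the advisory or from Apple): decide whether an
# installed macOS version is still below the first patched release for
# its line. Patched minimums are the ones the advisory lists:
# Ventura 13.7.5, Sonoma 14.7.5, Sequoia 15.4.

# Print the first patched version for a macOS major release line, or an
# empty line if the advisory does not list that line.
patched_minimum_for() {
  case "$1" in
    13) printf '13.7.5\n' ;;   # macOS Ventura
    14) printf '14.7.5\n' ;;   # macOS Sonoma
    15) printf '15.4\n'   ;;   # macOS Sequoia
    *)  printf '\n' ;;
  esac
}

# version_lt A B: succeed when dotted numeric version A is strictly lower
# than B. Missing trailing components count as 0, so 15.4 equals 15.4.0.
version_lt() {
  a="$1."
  b="$2."
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; a=${a#*.}
    bi=${b%%.*}; b=${b#*.}
    ai=${ai:-0}; bi=${bi:-0}
    if [ "$ai" -lt "$bi" ]; then return 0; fi
    if [ "$ai" -gt "$bi" ]; then return 1; fi
  done
  return 1
}

# macos_status VERSION: print "vulnerable", "patched", or "unlisted".
macos_status() {
  major=${1%%.*}
  min=$(patched_minimum_for "$major")
  if [ -z "$min" ]; then
    printf 'unlisted\n'        # e.g. macOS 12 is not named in the advisory
  elif version_lt "$1" "$min"; then
    printf 'vulnerable\n'
  else
    printf 'patched\n'
  fi
}

# On a Mac, check the running system. sw_vers is an Apple tool and is
# absent elsewhere, so the guard keeps the script loadable on Linux.
if command -v sw_vers >/dev/null 2>&1; then
  installed=$(sw_vers -productVersion)
  printf 'macOS %s: %s\n' "$installed" "$(macos_status "$installed")"
fi
```

The same pattern applies to the other platforms on this page by swapping the version source and the minimums (tvOS, iOS and iPadOS 18.4; visionOS 2.4), but those devices are usually inventoried through MDM rather than a local shell, so the macOS case is the one shown.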

📡 Detection & Monitoring

Log Indicators:

  • Unusual app permission requests for microphone/camera
  • Apps attempting to manipulate system notifications

Network Indicators:

  • Unexpected data exfiltration from recording apps

SIEM Query:

Search for apps with microphone/camera permissions making unusual system calls or notification dismissals.
