PatchSiren cyber security CVE debrief
CVE-2025-30431 Apple CVE debrief
CVE-2025-30431 is a medium-severity vulnerability in Apple macOS, allowing malicious apps to access private information. The issue was addressed with improved checks and is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.
- Vendor: Apple
- Product: macOS
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Users of Apple macOS, particularly those using versions prior to macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5.
Technical summary
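The vulnerability has a CVSS score of 5.5 and allows a malicious app to access private information because of insufficient checks. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N: a local attack of low complexity that needs low privileges and no user interaction, with high impact on confidentiality and no impact on integrity or availability.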
Defensive priority
Medium
Recommended defensive actions
- Update to macOS Sequoia 15.4, macOS Sonoma 14.7.5, or macOS Ventura 13.7.5 or later.
- Restrict app installation to trusted sources.
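To apply the first action across a device inventory, the following added example (not code from Apple or from the CVE record) classifies a macOS version string against the fixed releases named above. The function names are hypothetical, and treating major versions above 15 as patched is an assumption based on the "or later" wording.

```shell
#!/bin/sh
# Added example: classify a macOS version against the fixed releases listed
# on this page (15.4, 14.7.5, 13.7.5). Function names are hypothetical.

# ver_ge A B: succeed when dotted version A >= B, comparing up to three
# numeric fields; a missing field counts as 0 (so 15.4 equals 15.4.0).
ver_ge() {
    a=$1 b=$2
    for i in 1 2 3; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    done
    return 0
}

# cve_2025_30431_status VERSION
# Prints one of: patched | vulnerable | unlisted | invalid
cve_2025_30431_status() {
    v=$1
    # Reject anything that is not a plain dotted-decimal version string.
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 2 ;;
    esac
    major=${v%%.*}
    case $major in
        13) fixed=13.7.5 ;;
        14) fixed=14.7.5 ;;
        15) fixed=15.4 ;;
        *)  # Assumption: majors above 15 fall under "or later"; for older
            # majors the page names no fixed release, so report "unlisted".
            if [ "$major" -gt 15 ]; then echo patched; else echo unlisted; fi
            return 0 ;;
    esac
    if ver_ge "$v" "$fixed"; then echo patched; else echo vulnerable; fi
}

# On a Mac: cve_2025_30431_status "$(sw_vers -productVersion)"
```

The comparison is numeric per field, so 15.10 is correctly ranked above 15.4 where a plain string comparison would get it wrong.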
Evidence notes
The CVE record (CVE.org) and the NVD detail page are listed under Official resources below.
Official resources
- CVE-2025-30431 CVE record (CVE.org)
- CVE-2025-30431 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Release Notes, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Release Notes, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Release Notes, Vendor Advisory
CVE-2025-30431 was published on 2026-06-11T19:16:27.360Z and modified on 2026-06-12T12:38:08.940Z.