PatchSiren cyber security CVE debrief
CVE-2025-46308 Apple CVE debrief
CVE-2025-46308 is a medium-severity vulnerability (CVSS Score: 5.3) affecting iOS, iPadOS, and macOS. An authorization issue was addressed with improved state management, fixing a bug that allowed an app to leak sensitive user information. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4.
- Vendor
- Apple
- Product
- iOS and iPadOS
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-12
Who should care
Users of iOS, iPadOS, and macOS, particularly those who keep their devices up-to-date for security reasons.
Technical summary
The vulnerability, tracked as CVE-2025-46308, is caused by an authorization issue that was addressed with improved state management. This issue allowed an app to leak sensitive user information. The bug affects iOS, iPadOS, and macOS, with fixes available in iOS 18.4, iPadOS 18.4, and macOS Sequoia 15.4.
Defensive priority
Medium
Recommended defensive actions
- Update to iOS 18.4 or later
- Update to iPadOS 18.4 or later
- Update to macOS Sequoia 15.4 or later
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, including its CVSS score, affected products, and fixed versions.
Official resources
-
CVE-2025-46308 CVE record
CVE.org
-
CVE-2025-46308 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
CVE-2025-46308 was published on 2026-06-11T19:16:34.503Z and modified on 2026-06-12T12:36:09.917Z.