Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…
EPSS 1.2%top 36%

CVE-2025-30433: A shortcut may be able to access files that are normally inaccessible to the Shortcuts app in Apple iOS and iPadOS

0
Critical
VulnerabilityCVE-2025-30433cvecve-2025-30433
Published: 03/31/2025 (03/31/2025, 22:22:47 UTC)
Source: CVE Database V5
Vendor/Project: Apple
Product: iOS and iPadOS

Description

This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.

CVSS v3.1

Score 9.8critical

Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected software

Affected versions
=0

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/24/2026, 14:32:42 UTC

Technical Analysis

CVE-2025-30433 is a critical vulnerability affecting Apple iOS and iPadOS where a shortcut could bypass normal access controls to read files that are typically inaccessible to the Shortcuts app. The issue relates to improper access restrictions (CWE-284). Apple fixed this vulnerability by enhancing access restrictions in iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, and several macOS, visionOS, and watchOS versions. There are no known exploits in the wild at the time of publication.

Potential Impact

Successful exploitation allows a shortcut to access and potentially exfiltrate sensitive files that should be protected from the Shortcuts app, leading to high confidentiality, integrity, and availability impacts as indicated by the CVSS vector. This could result in unauthorized data disclosure and system compromise.

Mitigation Recommendations

Apply the official fixes provided by Apple by updating to iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, or watchOS 11.4. These updates include improved access restrictions that resolve the vulnerability. No additional mitigation steps are indicated by the vendor advisory.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Data Version
5.2
Assigner Short Name
apple
Date Reserved
2025-03-22T00:04:43.716Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 69091543c28fd46ded7bb345

Added to database: 11/03/2025, 20:49:07 UTC

Last enriched: 06/24/2026, 14:32:42 UTC

Last updated: 07/07/2026, 12:22:23 UTC

Views: 456

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses