CVE-2025-30433: A shortcut may be able to access files that are normally inaccessible to the Shortcuts app in Apple iOS and iPadOS
This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
AI Analysis
Technical Summary
CVE-2025-30433 is a critical vulnerability affecting Apple iOS and iPadOS where a shortcut could bypass normal access controls to read files that are typically inaccessible to the Shortcuts app. The issue relates to improper access restrictions (CWE-284). Apple fixed this vulnerability by enhancing access restrictions in iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, and several macOS, visionOS, and watchOS versions. There are no known exploits in the wild at the time of publication.
Potential Impact
Successful exploitation allows a shortcut to access and potentially exfiltrate sensitive files that should be protected from the Shortcuts app, leading to high confidentiality, integrity, and availability impacts as indicated by the CVSS vector. This could result in unauthorized data disclosure and system compromise.
Mitigation Recommendations
Apply the official fixes provided by Apple by updating to iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, or watchOS 11.4. These updates include improved access restrictions that resolve the vulnerability. No additional mitigation steps are indicated by the vendor advisory.
CVE-2025-30433: A shortcut may be able to access files that are normally inaccessible to the Shortcuts app in Apple iOS and iPadOS
Description
This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app.
CVSS v3.1
Score 9.8critical
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-30433 is a critical vulnerability affecting Apple iOS and iPadOS where a shortcut could bypass normal access controls to read files that are typically inaccessible to the Shortcuts app. The issue relates to improper access restrictions (CWE-284). Apple fixed this vulnerability by enhancing access restrictions in iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, and several macOS, visionOS, and watchOS versions. There are no known exploits in the wild at the time of publication.
Potential Impact
Successful exploitation allows a shortcut to access and potentially exfiltrate sensitive files that should be protected from the Shortcuts app, leading to high confidentiality, integrity, and availability impacts as indicated by the CVSS vector. This could result in unauthorized data disclosure and system compromise.
Mitigation Recommendations
Apply the official fixes provided by Apple by updating to iOS 18.4, iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, or watchOS 11.4. These updates include improved access restrictions that resolve the vulnerability. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2025-03-22T00:04:43.716Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 69091543c28fd46ded7bb345
Added to database: 11/03/2025, 20:49:07 UTC
Last enriched: 06/24/2026, 14:32:42 UTC
Last updated: 07/07/2026, 12:22:23 UTC
Views: 456
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.