CVE-2025-30459
5.5 MEDIUMA privacy issue was addressed by removing the vulnerable code
Published: 2026-06-11 · Last updated: 2026-06-12
Severity and scoring
- CVSS
- 5.5 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CWE
- CWE-359
Affected products
| Vendor | Product |
|---|---|
| apple | macos |
Description
A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2025-30459
- [Vendor advisory]https://support.apple.com/en-us/122373
Related CVEs
Same vendor
- CVE-2025-46315 — A permissions issue was addressed with additional restrictions (7.5 HIGH)
- CVE-2025-46308 — An authorization issue was addressed with improved state management (5.3 MEDIUM)
- CVE-2025-46293 — This issue was addressed with improved handling of symlinks (5.5 MEDIUM)
- CVE-2025-43339 — An access issue was addressed with additional sandbox restrictions (5.5 MEDIUM)
- CVE-2025-31272 — The issue was addressed with improved checks (7.8 HIGH)
Same CWE
- CVE-2026-26237 — A missing authorization vulnerability has been reported to affect QuMagie (7.5 HIGH)
- CVE-2026-25699 — Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer (6.1 MEDIUM)
- CVE-2020-25900 — HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city (5.3 MEDIUM)
- CVE-2026-8990 — A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full acc...
- CVE-2025-13477 — Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operatio... (7.1 HIGH)