CVE-2025-46308
5.3 MEDIUM
An authorization issue was addressed with improved state management
Published: 2026-06-11 · Last updated: 2026-06-12
Severity and scoring
- CVSS: 5.3 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CWE: CWE-284
Affected products
| Vendor | Product |
|---|---|
| apple | ipados, iphone_os, macos |
Description
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-46308)
- [Vendor advisory](https://support.apple.com/en-us/122371)
- [Vendor advisory](https://support.apple.com/en-us/122373)
Related CVEs
Same vendor
- CVE-2025-46315 — A permissions issue was addressed with additional restrictions (7.5 HIGH)
- CVE-2025-46293 — This issue was addressed with improved handling of symlinks (5.5 MEDIUM)
- CVE-2025-43339 — An access issue was addressed with additional sandbox restrictions (5.5 MEDIUM)
- CVE-2025-31272 — The issue was addressed with improved checks (7.8 HIGH)
- CVE-2025-30459 — A privacy issue was addressed by removing the vulnerable code (5.5 MEDIUM)
Same CWE
- CVE-2026-12212 — A vulnerability has been found in hcengineering Huly Platform up to 0.7.0 (4.3 MEDIUM)
- CVE-2026-12203 — A vulnerability was found in HKUDS AI-Trader up to 74caf996f78dcc0c657df8365c8544678a16e215 (5.3 MEDIUM)
- CVE-2026-53520 — Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool (6.5 MEDIUM)
- CVE-2026-44783 — Discourse is an open-source discussion platform (5.4 MEDIUM)
- CVE-2026-47182 — Frappe is a full-stack web application framework