Medium severity5.5NVD Advisory· Published Mar 31, 2025· Updated Apr 2, 2026

CVE-2025-30470

Description

A path handling issue was addressed with improved logic. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, watchOS 11.4. An app may be able to read sensitive location information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path handling vulnerability in Apple operating systems allows an app to read sensitive location information; fixed in iOS 18.4, macOS Sequoia 15.4, and others.

Vulnerability

Overview

CVE-2025-30470 is a path handling issue in Apple's operating systems that could allow an app to read sensitive location information. The vulnerability was addressed with improved logic in the affected components.

Exploitation

An attacker would need to have an app installed on the device to exploit this vulnerability. No special privileges beyond app-level access are required, as the bug lies in how the system handles file paths, potentially exposing location data to a malicious or compromised application.

Impact

Successful exploitation could lead to the disclosure of sensitive location information, compromising user privacy. The CVSS v3 score of 5.5 (Medium) reflects the local attack vector and the confidentiality impact.

Mitigation

Apple has released patches for this issue in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, visionOS 2.4, and watchOS 11.4 [1][2][3][4]. Users are advised to update their devices to the latest available versions.

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <18.4
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <18.4
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: <13.7.5
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/122371nvdRelease NotesVendor Advisory
support.apple.com/en-us/122373nvdRelease NotesVendor Advisory
support.apple.com/en-us/122374nvdRelease NotesVendor Advisory
support.apple.com/en-us/122375nvdRelease NotesVendor Advisory
support.apple.com/en-us/122378nvdRelease NotesVendor Advisory
seclists.org/fulldisclosure/2025/Apr/10nvd
seclists.org/fulldisclosure/2025/Apr/12nvd
seclists.org/fulldisclosure/2025/Apr/13nvd
seclists.org/fulldisclosure/2025/Apr/4nvd
seclists.org/fulldisclosure/2025/Apr/8nvd
seclists.org/fulldisclosure/2025/Apr/9nvd
support.apple.com/en-us/122376nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000