CVE-2025-30448

CRITICAL Year: 2025
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-862
View all →

Vulnerability Description

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.6, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, visionOS 2.5, macOS Ventura 13.7.6, macOS Sequoia 15.4. An attacker may be able to turn on sharing of an iCloud folder without authentication.

Related Vulnerabilities

CVE-2018-10866

CRITICAL
CVSS:9.1(Critical)

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file wi...

CWE-8622018

CVE-2018-7702

CRITICAL
CVSS:9.1(Critical)

SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and a...

CWE-8622018

CVE-2019-18581

CRITICAL
CVSS:9.1(Critical)

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A re...

CWE-8622019

CVE-2019-19885

CRITICAL
CVSS:9.1(Critical)

In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system. A user with knowledge about the routes can read and write configuration data without prior authorizatio...

CWE-8622019

CVE-2020-19038

CRITICAL
CVSS:9.1(Critical)

File Deletion vulnerability in Halo 0.4.3 via delBackup.

CWE-8622020

CVE-2020-1963

CRITICAL
CVSS:9.1(Critical)

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem.

CWE-8622020