CVE-2025-30428: Input Validation
Published Mar 31, 2025
·Updated
Accessibility. A logging issue was addressed with improved data redaction.
Other sources
Accounts. This issue was addressed with improved data access restriction.
— Apple
AirDrop. A permissions issue was addressed with additional restrictions.
— Apple
AirPlay. A null pointer dereference was addressed with improved input validation.
— Apple
AirPlay. A type confusion issue was addressed with improved checks.
— Apple
AirPlay. A use-after-free issue was addressed with improved memory management.
— Apple
Credit
Lehan Dilusha@@zafer, an anonymous researcher, Uri Katz (Oligo Security), Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Yutong Xiu@@Sou1gh0st, Denis Tokarev@@illusionofcha0s, Kirin@@Pwnrin, CVE-2025-24085, CVE-2024-9681, LFY@@secsys(Fudan University), Anonymous(Trend Micro Zero Day Initiative), Michael (Biscuit) Thomas - @social.lol@@biscuit, Ian Beer(Google Project Zero), CVE-2025-27113, CVE-2024-56171, Jimmy, Jax Reissner, Mickey Jin@@patch1t, @@RenwaX23, Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Luyi Xing(Indiana University Bloomington), Andrew James Gonzalez, Richard Hyunho Im with routezero.security@@richeeta, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Minghao Lin@@Y1nKoc, Apple, Paul Bakker(ParagonERP), Gary Kwong, rheza@@ginggilBesel, Francisco Alonso@@revskills, Lukas Bernhard, Tashita Software Security, Xiangwei Zhang(Tencent Security YUNDING LAB), linjy(HKUS3Lab), chluo(WHUSecLab), Brendon Tiszka(Google Project Zero), Zhongcheng Li(IES Red Team of ByteDance), Ron Masas(BREAKPOINT), Dominik Rath, Martin Kreichgauer(Google Chrome), Google Threat Analysis Group, wac(Trend Micro Zero Day Initiative), pattern-f@@pattern_F_, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Gergely Kalman@@gergely_kalman, Andr.Ess, mzzzz__, Wang Yu(Cyberserval), Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, CVE-2024-48958, Alex Radocea(Supernetworks), Dave G.(Supernetworks), 风沐云烟@@binary_fmyy, Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), Alhour@@NSAntoine, Florian Draschbacher, Dalibor Milanovic, Jaydev Ahire, Syarif Muhammad Sajjad, Wojciech Regula(SecuRing), Halle Winkler, Politepix theoffcuts.org, Abhay Kailasia@@abhay_kailasia(C), Chi Yuan Chang(ZUSO ART), taikosoup, Bohdan Stasiuk@@bohdan_stasiuk, Alexander Heinrich@@Sn0wfreeze, SEEMOO, TU Darmstadt & Mathy Vanhoef@@vanhoefm, Jeroen Robben@@RobbenJeroen, DistriNet, KU Leuven, Vsevolod Kokorin (Slonser)(Solidlab)
Affected Software
6 affected componentsFixes available
apple iPadOS<17.7.6
apple iPadOS>=18.0<18.4
apple iPhone OS<18.4
apple iOS<18.4
18.4
apple iPadOS<18.4
18.4
apple iPadOS<17.7.6
17.7.6
Event History
Mar 31, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Affected Software
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
CVE Published
via MITRE·10:22 PM
Data Sourced
via MITRE·10:22 PM
DescriptionWeakness
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2025-24221
- CVE-2025-24131
- CVE-2025-24270
- CVE-2025-24271
- CVE-2025-24177
- CVE-2025-24179
- CVE-2025-24251
- CVE-2025-31197
- CVE-2025-24252
- CVE-2025-30445
- CVE-2025-24206
- CVE-2025-43205
- CVE-2025-24243
- CVE-2025-24244
- CVE-2025-24237
- CVE-2025-30429
- CVE-2025-24212
- CVE-2025-24215
- CVE-2025-24230
- CVE-2025-24085
- CVE-2025-24190
- CVE-2025-24211
- CVE-2025-31203
- CVE-2024-9681
- CVE-2025-30447
- CVE-2025-24210
- CVE-2025-30432
- CVE-2025-24203
- CVE-2025-27113
- CVE-2024-56171
- CVE-2025-24178
- CVE-2025-30426
- CVE-2025-30428
- CVE-2025-24173
- CVE-2025-24113
- CVE-2025-30471
- CVE-2025-30465
- CVE-2025-30433
- CVE-2025-24198
- CVE-2025-24205
- CVE-2025-24201
- CVE-2025-30425
- CVE-2025-24216
- CVE-2025-24264
- CVE-2025-30427
- CVE-2025-24209
- CVE-2024-54543
- CVE-2024-54534
- CVE-2024-54508
- CVE-2024-54502
- CVE-2025-24202
- CVE-2025-24097
- CVE-2025-31202
- CVE-2025-30430
- CVE-2025-24180
- CVE-2025-24163
- CVE-2025-31196
- CVE-2025-30454
- CVE-2025-31191
- CVE-2025-24182
- CVE-2025-30456
- CVE-2025-30439
- CVE-2025-24283
- CVE-2025-30463
- CVE-2025-24257
- CVE-2025-30434
- CVE-2024-48958
- CVE-2025-24194
- CVE-2025-31182
- CVE-2025-24238
- CVE-2025-31199
- CVE-2025-30470
- CVE-2025-46308
- CVE-2025-24193
- CVE-2025-30469
- CVE-2025-24095
- CVE-2025-30466
- CVE-2025-30467
- CVE-2025-31192
- CVE-2025-24167
- CVE-2025-24220
- CVE-2025-30438
- CVE-2025-30436
- CVE-2025-31183
- CVE-2025-24217
- CVE-2025-24214
- CVE-2025-31184
- CVE-2025-24192
- CVE-2025-24208
Frequently Asked Questions
1
What is the severity of CVE-2025-30428?
CVE-2025-30428 is classified with a high severity due to potential impacts on data access and application functionality.
2
What versions are affected by CVE-2025-30428?
CVE-2025-30428 affects Apple iOS and iPadOS versions up to 18.4 and 17.7.6.
3
How do I fix CVE-2025-30428?
To fix CVE-2025-30428, upgrade your device to iOS or iPadOS versions 18.4 or later.
4
What type of issues does CVE-2025-30428 address?
CVE-2025-30428 addresses issues related to accessibility, data access restrictions, and input validation.
5
Are there any workarounds for CVE-2025-30428?
Currently, the recommended solution for CVE-2025-30428 is to apply the latest updates from Apple.