CVE-2025-30448: Use After Free
Published Mar 31, 2025
·Updated
Accessibility. A logging issue was addressed with improved data redaction.
Other sources
AccountPolicy. This issue was addressed by removing the vulnerable code.
— Apple
afpfs. The issue was addressed with improved memory handling.
— Apple
afpfs. This issue was addressed with improved checks.
— Apple
AirDrop. A permissions issue was addressed with additional restrictions.
— Apple
AirPlay. A null pointer dereference was addressed with improved input validation.
— Apple
Credit
Hossein Lotfi@@hosselot(Trend Micro Zero Day Initiative), Csaba Fitzl@@theevilbit(Kandji), an anonymous researcher, Dayton Pidhirney(Atredis Partners), Lyutoon, YenKoc, Mateusz Krzywicki@@krzywix, Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Lucas Leong@@_wmliang_(Trend Micro Zero Day Initiative), Christian Kohlschütter, CVE-2024-8176, Paweł Płatek (Trail(Bits), LFY@@secsys(Fudan University), wac, Dave G., Kirin@@Pwnrin, 7feilee, Eric Dorphy(Twin Cities App Dev LLC), Adam M., Lyutoon(Atredis Partners), YenKoc(Atredis Partners), CVE-2025-26465, CVE-2025-26466, Joseph Ravichandran@@0xjprx(MIT CSAIL), Dillon Franke(Google Project Zero), wac(Trend Micro Zero Day Initiative), Ron Masas(BREAKPOINT), Wang Yu(Cyberserval), Andrew James Gonzalez, Saagar Jha, Richard Hyunho Im@@richeeta, Andr.Ess, Noah Gregory (wts.dev), Google V8 Security Team, Ignacio Sanmillan@@ulexec, Jiming Wang, Jikai Ren, Yuhao Hu, Yan Kang, Chenggang Wu, Xiaojie Wei, Thibaud Kehler, jioundai(360 Vulnerability Research Institute), chen fengjiao(HBC), 秦若涵, 崔志伟, 崔宝江, Deval Jariwala, Guilherme Rambo(Best Buddy Apps), Dalibor Milanovic, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), Duy Trần@@khanhduytran0, Tony Iskow@@Tybbow, Shehab Khan, CertiK@@CertiK, Andreas Jaegersberger & Ro Achterberg(Nosebeard Labs), rheza@@ginggilBesel(Palo Alto Networks), Edouard Bochin@@le_douds(Palo Alto Networks), Tao Yan@@Ga1ois(Palo Alto Networks), Nan Wang@@eternalsakura13, Ivan Fratric(Google Project Zero), Juergen Schmied(Lynck GmbH), Zhongcheng Li(IES Red Team of ByteDance), Uri Katz (Oligo Security), Mickey Jin@@patch1t, Wojciech Regula(SecuRing), Claudio Bozzato(Cisco Talos), Francesco Benvenuto(Cisco Talos), Bohdan Stasiuk@@bohdan_stasiuk, Jeffrey Hofmann, Dominik Rath, Martin Kreichgauer(Google Chrome), Ian Mckay@@iann0036, Yutong Xiu@@Sou1gh0st, Denis Tokarev@@illusionofcha0s, Google Threat Analysis Group, Nolan Astrein(Kandji), pattern-f@@pattern_F_, Jonathan Bar Or@@yo_yo_yo_jbo(Microsoft), Minghao Lin@@Y1nKoc, Stephan Casas, Gergely Kalman@@gergely_kalman, CVE-2024-9681, Rodolphe BRUNETTI@@eisw0lf(Lupus Nova), Pietro Francesco Tirenna(Shielder), Davide Silvetti(Shielder), Abdel Adim Oisfi(Shielder), luckyu@@uuulucky, Rodolphe BRUNETTI@@eisw0lf, Manuel Fernandez (Stackhopper Security), ABC Research s.r.o., Anonymous(Trend Micro Zero Day Initiative), Murray Mike, mzzzz__, Ye Zhang@@VAR10CK(Baidu Security), Dave G.(Supernetworks), Koh M. Nakagawa@@tsunek0h(FFRI Security Inc), Ian Beer(Google Project Zero), Kenneth Chew, CVE-2024-48958, CVE-2025-27113, CVE-2024-56171, Alex Radocea(Supernetworks), 风沐云烟@@binary_fmyy, Alexia Wilson(Microsoft), Christine Fossaceca(Microsoft), Diamant Osmani & Valdrin Haliti [Kosovë], dbpeppe, Solitechworld, Pwn2car, Alhour@@NSAntoine, Jimmy, Mickey Jin@@patch1t(Kandji), (Kandji), Pedro Tôrres@@t0rr3sp3dr0, CVE-2023-27043, Jaydev Ahire, @@RenwaX23, Syarif Muhammad Sajjad, Yiğit Can YILMAZ@@yilmazcanyigit, Arsenii Kostromin (0x3c3e), Bing Shi(Alibaba Group), Wenchao Li(Alibaba Group), Xiaolong Bai(Alibaba Group), Luyi Xing(Indiana University Bloomington), Rodolphe Brunetti@@eisw0lf(Lupus Nova), Halle Winkler, Politepix theoffcuts.org, Dolf Hoegaerts, Michiel Devliegere, K宝@@Pwnrin, Tong Liu@@Lyutoon_, 风(binary_fmyy), F00L, Richard Hyunho Im with routezero.security@@richeeta, zbleet(QI), Cristian Dinca(Computer Science), Romania, 风沐云烟 (binary_fmyy), Kirin, FlowerCode, Zhongquan Li@@Guluisacat, Pedro José Pereira Vieito / pvieito.com)@@pvieito, Alexander Heinrich@@Sn0wfreeze, SEEMOO, TU Darmstadt & Mathy Vanhoef@@vanhoefm, Jeroen Robben@@RobbenJeroen, DistriNet, KU Leuven, Vsevolod Kokorin (Slonser)(Solidlab), Gary Kwong, Paul Bakker(ParagonERP), Francisco Alonso@@revskills, rheza@@ginggilBesel, PixiePoint Security, Andreas Hegenberg (folivora.AI GmbH)
Affected Software
14 affected componentsFixes available
Apple macOS<14.7.6
14.7.6
Apple visionOS<2.5
2.5
Apple iOS and iPadOS<18.5
18.5
Apple iOS, iPadOS, and macOS<18.5
18.5
macOS Ventura<13.7.6
13.7.6
Apple iOS, iPadOS, and macOS<17.7.7
17.7.7
Apple iOS, iPadOS, and macOS<17.7.7
Apple iOS, iPadOS, and macOS>=18.0<18.5
iPhone OS<18.5
macOS<13.7.6
macOS>=14.0<14.7.6
macOS>=15.0<15.4
Apple visionOS<2.5
macOS<15.4
15.4
Event History
Mar 31, 2025
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
May 12, 2025
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
CVE Published
via MITRE·09:42 PM
Data Sourced
via MITRE·09:42 PM
DescriptionWeakness
Data Sourced
via NVD·10:15 PM
DescriptionSeverityWeaknessAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2025-31240
- CVE-2025-31237
- CVE-2025-31251
- CVE-2025-31235
- CVE-2025-31208
- CVE-2025-31196
- CVE-2025-31209
- CVE-2025-31239
- CVE-2025-31233
- CVE-2025-30453
- CVE-2025-24258
- CVE-2025-30448
- CVE-2025-31232
- CVE-2025-24144
- CVE-2025-31219
- CVE-2025-31241
- CVE-2024-8176
- CVE-2025-30440
- CVE-2025-31222
- CVE-2025-24274
- CVE-2025-24142
- CVE-2025-31245
- CVE-2025-31224
- CVE-2025-31221
- CVE-2025-31213
- CVE-2025-31247
- CVE-2025-30442
- CVE-2025-31242
- CVE-2025-31220
- CVE-2025-24155
- CVE-2025-31246
- CVE-2025-26465
- CVE-2025-26466
- CVE-2025-24097
- CVE-2025-24111
- CVE-2025-31210
- CVE-2025-31226
- CVE-2025-24225
- CVE-2025-31228
- CVE-2025-24259
- CVE-2025-24213
- CVE-2025-31217
- CVE-2025-31215
- CVE-2025-31206
- CVE-2025-31216
- CVE-2025-43374
- CVE-2025-31214
- CVE-2025-31225
- CVE-2025-31212
- CVE-2025-31253
- CVE-2025-31207
- CVE-2025-24224
- CVE-2025-31227
- CVE-2025-31234
- CVE-2025-31223
- CVE-2025-31238
- CVE-2025-24223
- CVE-2025-31204
- CVE-2025-31205
- CVE-2025-31257
- CVE-2025-24202
- CVE-2025-24234
- CVE-2025-31202
- CVE-2025-30445
- CVE-2025-24270
- CVE-2025-24206
- CVE-2025-24252
- CVE-2025-24271
- CVE-2025-24251
- CVE-2025-31197
- CVE-2025-24276
- CVE-2025-24272
- CVE-2025-24239
- CVE-2025-24233
- CVE-2025-30443
- CVE-2025-31272
- CVE-2025-43205
- CVE-2025-24244
- CVE-2025-24243
- CVE-2025-30430
- CVE-2025-24180
- CVE-2025-24245
- CVE-2025-30460
- CVE-2025-24237
- CVE-2025-30429
- CVE-2025-24212
- CVE-2025-24215
- CVE-2025-24163
- CVE-2025-24230
- CVE-2025-24211
- CVE-2025-24236
- CVE-2025-24190
- CVE-2025-30454
- CVE-2025-31191
- CVE-2025-24170
- CVE-2025-24182
- CVE-2025-31203
- CVE-2025-24277
- CVE-2024-9681
- CVE-2025-31189
- CVE-2025-24255
- CVE-2025-30456
- CVE-2025-24267
- CVE-2025-30455
- CVE-2025-31187
- CVE-2025-30462
- CVE-2025-30451
- CVE-2025-24281
- CVE-2025-30439
- CVE-2025-24283
- CVE-2025-30461
- CVE-2025-30447
- CVE-2025-24199
- CVE-2025-30431
- CVE-2025-30464
- CVE-2025-24273
- CVE-2025-24256
- CVE-2025-30463
- CVE-2025-24210
- CVE-2025-24249
- CVE-2025-24229
- CVE-2025-24257
- CVE-2025-31263
- CVE-2025-30437
- CVE-2025-24235
- CVE-2025-24204
- CVE-2025-24203
- CVE-2025-24196
- CVE-2025-24148
- CVE-2024-48958
- CVE-2025-24195
- CVE-2025-31231
- CVE-2025-24194
- CVE-2025-27113
- CVE-2024-56171
- CVE-2025-24178
- CVE-2025-31182
- CVE-2025-24238
- CVE-2025-31199
- CVE-2025-31264
- CVE-2025-24172
- CVE-2025-30450
- CVE-2025-30470
- CVE-2025-46308
- CVE-2025-30426
- CVE-2025-24262
- CVE-2025-24232
- CVE-2025-24246
- CVE-2025-24261
- CVE-2025-24164
- CVE-2025-30446
- CVE-2025-30424
- CVE-2025-24173
- CVE-2023-27043
- CVE-2025-24284
- CVE-2025-30459
- CVE-2025-24191
- CVE-2025-30466
- CVE-2025-24113
- CVE-2025-30467
- CVE-2025-31192
- CVE-2025-24167
- CVE-2025-24093
- CVE-2025-30452
- CVE-2025-24181
- CVE-2025-30458
- CVE-2025-30471
- CVE-2025-24250
- CVE-2025-24268
- CVE-2025-30438
- CVE-2025-43184
- CVE-2025-30465
- CVE-2025-24280
- CVE-2025-31194
- CVE-2025-30433
- CVE-2025-31183
- CVE-2025-30435
- CVE-2025-24217
- CVE-2025-24214
- CVE-2025-24248
- CVE-2025-24205
- CVE-2025-24198
- CVE-2025-24269
- CVE-2025-30444
- CVE-2025-24228
- CVE-2025-24165
- CVE-2025-24260
- CVE-2025-24282
- CVE-2025-24254
- CVE-2025-24231
- CVE-2025-24263
- CVE-2025-24207
- CVE-2025-31261
- CVE-2025-30449
- CVE-2025-24253
- CVE-2025-46293
- CVE-2025-43278
- CVE-2025-24240
- CVE-2025-31188
- CVE-2025-24218
- CVE-2025-24278
- CVE-2025-24242
- CVE-2025-30457
- CVE-2025-31195
- CVE-2025-24279
- CVE-2025-31184
- CVE-2025-24192
- CVE-2025-24264
- CVE-2025-24216
- CVE-2025-24209
- CVE-2025-30427
- CVE-2025-30425
- CVE-2025-24247
- CVE-2025-24241
- CVE-2025-24266
- CVE-2025-24265
- CVE-2025-24157
- CVE-2025-31198
Frequently Asked Questions
1
What is the severity of CVE-2025-30448?
CVE-2025-30448 has a critical severity rating due to its impact on system security.
2
How do I fix CVE-2025-30448?
To fix CVE-2025-30448, update your Apple device to the latest macOS Ventura, macOS Sonoma, iPadOS, or visionOS version.
3
What systems are affected by CVE-2025-30448?
CVE-2025-30448 affects Apple products including macOS Ventura, macOS Sonoma, iPadOS, and visionOS versions up to the specified limits.
4
What specific issues does CVE-2025-30448 address?
CVE-2025-30448 addresses multiple issues including improved memory handling and additional restrictions for permissions.
5
Is there a workaround for CVE-2025-30448?
There are no official workarounds for CVE-2025-30448; updating the software is the recommended solution.