CVE-2025-30456
published 2025-03-31CVE-2025-30456: A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_18.4_and_ipados | — | — |
| apple | ios_and_ipados | < 18.4 | 18.4 |
| apple | ipados | < 18.4 | 18.4 |
| apple | iphone_os | < 18.4 | 18.4 |
| apple | macos | < 14.7.5 | 14.7.5 |
| apple | macos | < 15.4 | 15.4 |
| apple | macos | < 13.7.5 | 13.7.5 |
| apple | macos | >= 14.0 < 14.7.5 | 14.7.5 |
| apple | macos | >= 15.0 < 15.4 | 15.4 |
| apple | macos_sequoia | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_ventura | — | — |
| msrc | cbl2_kernel_5.15.107.1-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_kernel_5.10.177.1-1_on_cbl_mariner_1.0 | — | — |
Apple
CVE-2025-30456: macOS Ventura 13.7.5
vendor_apple·2025-03-31·CVSS 7.8
CVE-2025-30456 [HIGH] CVE-2025-30456: macOS Ventura 13.7.5
Apple Security Update: About the security content of macOS Ventura 13.7.5
Product: macOS Ventura
Version: 13.7.5
CVE: CVE-2025-30456
Component: DiskArbitration
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
Apple
CVE-2025-30456: macOS Sequoia 15.4
vendor_apple·2025-03-31·CVSS 7.8
CVE-2025-30456 [HIGH] CVE-2025-30456: macOS Sequoia 15.4
Apple Security Update: About the security content of macOS Sequoia 15.4
Product: macOS Sequoia
Version: 15.4
CVE: CVE-2025-30456
Component: DiskArbitration
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
Apple
CVE-2025-30456: macOS Sonoma 14.7.5
vendor_apple·2025-03-31·CVSS 7.8
CVE-2025-30456 [HIGH] CVE-2025-30456: macOS Sonoma 14.7.5
Apple Security Update: About the security content of macOS Sonoma 14.7.5
Product: macOS Sonoma
Version: 14.7.5
CVE: CVE-2025-30456
Component: DiskArbitration
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
Apple
CVE-2025-30456: iOS 18.4 and iPadOS 18.4
vendor_apple·2025-03-31·CVSS 7.8
CVE-2025-30456 [HIGH] CVE-2025-30456: iOS 18.4 and iPadOS 18.4
Apple Security Update: About the security content of iOS 18.4 and iPadOS 18.4
Product: iOS 18.4 and iPadOS
Version: 18.4
CVE: CVE-2025-30456
Component: DiskArbitration
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
Microsoft
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
vendor_msrc·2023-04-11·CVSS 6.5
CVE-2023-30456 [MEDIUM] An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
mitre: mitre
Cu
GHSA
GHSA-cr5x-x94v-gf96: A parsing issue in the handling of directory paths was addressed with improved path validation
ghsa_unreviewed·2025-04-01
CVE-2025-30456 [HIGH] CWE-281 GHSA-cr5x-x94v-gf96: A parsing issue in the handling of directory paths was addressed with improved path validation
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://support.apple.com/en-us/122371https://support.apple.com/en-us/122373https://support.apple.com/en-us/122374https://support.apple.com/en-us/122375http://seclists.org/fulldisclosure/2025/Apr/10http://seclists.org/fulldisclosure/2025/Apr/4http://seclists.org/fulldisclosure/2025/Apr/8http://seclists.org/fulldisclosure/2025/Apr/9
2025-03-31
Published