CVE-2025-30458 Overview
CVE-2025-30458 is a sandbox escape vulnerability in Apple macOS. The flaw allows a malicious application to read files outside of its sandbox container. Apple addressed the issue by introducing additional permission restrictions in macOS Sequoia 15.4.
The vulnerability is categorized under CWE-125 (Out-of-bounds Read). Successful exploitation can disclose sensitive user and system data that would otherwise be isolated by macOS sandbox boundaries. Apple published the fix in support document 122373 on March 31, 2025.
Critical Impact
A sandboxed application can bypass macOS isolation controls and read arbitrary files outside its sandbox, exposing user data, credentials, and system information to attackers.
Affected Products
- Apple macOS versions prior to Sequoia 15.4
- Applications relying on macOS sandbox enforcement for file isolation
- macOS endpoints running unpatched builds across Apple silicon and Intel hardware
Discovery Timeline
- 2025-03-31 - CVE-2025-30458 published to NVD
- 2025-03-31 - Apple releases macOS Sequoia 15.4 with the security fix
- 2025-11-03 - Last updated in NVD database
Technical Details for CVE-2025-30458
Vulnerability Analysis
The vulnerability stems from an improper permissions check in macOS that fails to enforce sandbox boundaries on file read operations. An application granted limited sandbox privileges can request access to files in directories outside its container and receive the file contents back. macOS Sequoia 15.4 closes the gap by adding restrictions to the affected permission logic.
The issue maps to CWE-125, which covers out-of-bounds read conditions. In this context, the out-of-bounds access applies to the sandbox file boundary rather than to a memory buffer. Apple's advisory in support document 122373 confirms that the fix tightens the permission model rather than altering file system internals.
Root Cause
The root cause is a missing or insufficient permissions check inside a macOS component that mediates sandbox file access. The flawed logic accepted operations that should have been denied based on the requesting process's sandbox profile. Apple resolved the defect by adding restrictions to the permission evaluation path.
Attack Vector
An attacker delivers a crafted application to the target through standard distribution channels such as a malicious download, supply chain compromise, or trojanized installer. Once the user runs the application, the process leverages its own sandbox context to issue file read requests targeting paths outside the container. The application can read user documents, browser data, SSH keys, or other sensitive artifacts and exfiltrate them.
No public proof-of-concept exploit code is referenced in the advisory. Apple's advisory and the Full Disclosure mailing list post provide the available technical details.
Detection Methods for CVE-2025-30458
Indicators of Compromise
- Sandboxed processes accessing files outside their designated container path, such as ~/Library/Application Support data belonging to unrelated apps
- Unsigned or recently installed applications issuing read calls against ~/.ssh, ~/Library/Keychains, or browser profile directories
- Outbound network connections from a sandboxed application immediately following bulk file reads
Detection Strategies
- Monitor Endpoint Security framework events (ES_EVENT_TYPE_NOTIFY_OPEN) for sandboxed processes reading paths outside their container
- Correlate process code-signing identifiers and sandbox entitlements with observed file access patterns
- Inspect Unified Log entries for sandboxd denials and anomalies that precede successful out-of-container reads
Monitoring Recommendations
- Track macOS build versions across the fleet and alert on hosts below 15.4
- Baseline normal file access behavior per application bundle identifier and flag deviations
- Log and review installations of applications from outside the Mac App Store and notarization pipeline
How to Mitigate CVE-2025-30458
Immediate Actions Required
- Upgrade all macOS endpoints to macOS Sequoia 15.4 or later as documented in Apple Support Document 122373
- Inventory installed third-party applications and remove any that are unsigned, unnotarized, or from untrusted sources
- Audit recent file access from sandboxed applications for signs of pre-patch exploitation
Patch Information
Apple released the fix in macOS Sequoia 15.4. Administrators should deploy the update through MDM, Apple Software Update, or System Settings. Details are available in the Apple Support advisory and the Full Disclosure mailing list post.
Workarounds
- Restrict installation of applications to trusted sources via MDM configuration profiles until the patch is applied
- Apply Transparency, Consent, and Control (TCC) policies that limit access to Documents, Downloads, and Desktop folders
- Isolate high-value macOS hosts and disable execution of unsigned binaries through Gatekeeper enforcement
# Print the installed macOS version (expect 15.4 or later)
sw_vers -productVersion
# List available Apple software updates, then install them all and restart
sudo softwareupdate -l
sudo softwareupdate -ia --restart
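Added example, not part of the advisory: a small POSIX shell check that decides whether a macOS product version is at or above the first fixed release, 15.4, for fleet reporting of the kind described under Monitoring Recommendations. The function and variable names (split3, vercmp, macos_patched, FIXED_VERSION) are this example's own; the fixed version is taken from the advisory.

```shell
#!/bin/sh
# Added example (not from the advisory): decide whether a macOS product
# version string is at or above the first fixed release for this CVE, 15.4,
# comparing dotted components numerically so that 15.10 ranks above 15.4
# (a plain string comparison would rank it below).

FIXED_VERSION="15.4"

# split3 VERSION -> prints "major minor patch", missing parts padded with 0
split3() {
    IFS=. read -r v1 v2 v3 rest <<EOF
$1
EOF
    printf '%s %s %s\n' "${v1:-0}" "${v2:-0}" "${v3:-0}"
}

# vercmp A B -> prints lt, eq or gt
vercmp() {
    set -- $(split3 "$1") $(split3 "$2")
    # $1 $2 $3 are A's components, $4 $5 $6 are B's
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        x=${pair%%:*}; y=${pair#*:}
        if [ "$x" -gt "$y" ]; then echo gt; return 0; fi
        if [ "$x" -lt "$y" ]; then echo lt; return 0; fi
    done
    echo eq
}

# macos_patched VERSION -> prints patched, vulnerable or unknown
macos_patched() {
    case "$1" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # reject malformed input
    esac
    case "$(vercmp "$1" "$FIXED_VERSION")" in
        lt) echo vulnerable ;;
        *)  echo patched ;;
    esac
}

# On a Mac, check the running system; elsewhere the functions can still be
# exercised with explicit version strings (sw_vers is absent there).
if command -v sw_vers >/dev/null 2>&1; then
    current=$(sw_vers -productVersion)
    echo "macOS $current: $(macos_patched "$current")"
fi
```

Feed the output of sw_vers -productVersion from each host into macos_patched and alert on any result other than "patched"; "unknown" flags a version string that needs manual review rather than a host that is known to be safe.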
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.