CVE-2025-30432: 
macOS vulnerability analysis and mitigation

CVE-2025-30432 is a security vulnerability discovered in Apple's operating systems (visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sonoma 14.7.5). The vulnerability was disclosed on March 31, 2025, and affects the kernel component of these systems. The issue was identified by Michael (Biscuit) Thomas (Apple Security).

The vulnerability is characterized as a logic issue in the kernel component that was addressed with improved state management. It has been assigned a CVSS 3.1 Base Score of 6.4 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L. The vulnerability is associated with CWE-287 (Improper Authentication) (NVD).

A malicious app may be able to attempt passcode entries on a locked device and thereby cause escalating time delays after 4 failures. This could potentially lead to a denial-of-service condition on affected devices (Apple Security).

Apple has addressed this vulnerability by releasing security updates for all affected operating systems: visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, and macOS Sonoma 14.7.5. Users are advised to update their devices to these versions to protect against potential exploitation (Apple Security).