CVE-2025-30430 | This issue was addressed through improved state management. … | CVSS 9.8 CRITICAL

Description

This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. Password autofill may fill in passwords after failing authentication.

Metadata

CVE ID: CVE-2025-30430
State: PUBLISHED
Assigner: apple
Reserved: 2025-03-22 00:04 UTC
Published: 2025-03-31 22:23 UTC
Last updated: 2026-04-02 18:22 UTC
Primary CWE: CWE-287
CWE-287 Improper Authentication
Vendor / Product: Apple / iOS and iPadOS
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (4)

Vendor	Product	Platform	Versions
Apple	iOS and iPadOS	—	0 < 18.4
Apple	macOS	—	0 < 15.4
Apple	visionOS	—	0 < 2.4
Apple	watchOS	—	0 < 11.4

Weakness (CWE)

CWE	Source	Description
—	cna	Password autofill may fill in passwords after failing authentication
CWE-287	adp	CWE-287 Improper Authentication

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)