CVE-2025-46308 | An authorization issue was addressed with improved state man… | CVSS 5.3 MEDIUM

Description

An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information.

Metadata

CVE ID: CVE-2025-46308
State: PUBLISHED
Assigner: apple
Reserved: 2025-04-22 21:13 UTC
Published: 2026-06-11 18:47 UTC
Last updated: 2026-06-11 19:31 UTC
Primary CWE: CWE-284
CWE-284 Improper Access Control
Vendor / Product: Apple / iOS and iPadOS
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
Apple	iOS and iPadOS	—	0 < 18.4
Apple	macOS	—	0 < 15.4

Weakness (CWE)

CWE	Source	Description
—	cna	An app may be able to leak sensitive user information
CWE-284	adp	CWE-284 Improper Access Control

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.3	MEDIUM	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (2)