Description
A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via System Termination
Action: Immediate Patch
AI Analysis

Impact

A race condition that existed in certain macOS releases was addressed in newer versions with improved locking. The flaw can be triggered by mounting a maliciously crafted SMB network share, and it may cause the entire macOS system to terminate, effectively leading to a denial of service. This vulnerability is identified as a race condition (CWE‑362) and therefore can allow an attacker to interfere with the program’s execution flow.

Affected Systems

Affected Apple macOS installations include versions released prior to macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Apple has provided fixes in the update releases for these operating system families. Users running any earlier macOS build are vulnerable and should consider upgrading to the specified patched releases.

Risk and Exploitability

The CVSS score of 9.8 indicates a high severity of the issue. The EPSS score of less than 1% suggests that exploitation probability is currently low. The vulnerability is not listed in CISA’s KEV catalog, implying no public evidence of widespread exploitation. Based on the description, it is inferred that the likely attack vector is mounting a malicious SMB share, which could be performed remotely if the SMB service is exposed, or locally by an attacker with network access. The impact is purely availability (system termination), and no direct confidentiality or integrity compromise is described.

Generated by OpenCVE AI on April 28, 2026 at 19:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to at least Sequoia 15.4, Sonoma 14.7.5, or Ventura 13.7.5, which contain the fix for the race condition.
  • Restrict SMB access by configuring the firewall or disabling SMB sharing until the update is installed.
  • Monitor system logs for repeated attempts to mount network shares and temporarily block offending IPs to reduce potential exploitation.



Advisories
Source: EUVD
ID: EUVD-2025-8921
Title: A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.

History

Tue, 28 Apr 2026 19:30:00 +0000

Type: Title
Values Removed: (none)
Values Added: Malicious SMB Share Causes System Termination via Race Condition in macOS

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.
Values Added: A race condition was addressed with improved locking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.

Mon, 03 Nov 2025 22:30:00 +0000


Mon, 07 Apr 2025 14:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple; Apple macos

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple; Apple macos

Wed, 02 Apr 2025 14:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 02 Apr 2025 14:45:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-362

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 31 Mar 2025 22:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Mounting a maliciously crafted SMB network share may lead to system termination.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:10:57.697Z

Reserved: 2025-03-22T00:04:43.718Z

Link: CVE-2025-30444

Vulnrichment

Updated: 2025-04-02T13:35:48.707Z

NVD

Status: Modified

Published: 2025-03-31T23:15:26.260

Modified: 2026-04-02T19:19:38.027

Link: CVE-2025-30444

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T19:15:25Z

Weaknesses