CVE-2021-30666

ENISA EUVD: EUVD-2021-17583 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 20, 2026 11 articles Published: 2021-09-08
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
1.18%
probability
This CVE has a 1.18% probability of being exploited in the next 30 days.
0% Top 79.0th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

6.8
MEDIUM
Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Affected Products

Apple
iOS
unspecified

Attack Intelligence

Signal Intelligence

Confidence
92%
EPSS 1.18%
CVSS v3.1 8.8
Mentions 11
Last Seen Nov 09, 2021

CNA Information

CNA Assigner
apple

Analyst Note

Multiple authoritative sources (Qualys, BleepingComputer) explicitly identify CVE-2021-30666 as a zero-day exploited in the wild, with Apple issuing an emergency patch (iOS 15.0.2) to address active attacks. The exploitation preceded or coincided with patch availability, meeting zero-day criteria.

Triage Info

Decided atMar 20, 2026
Published DateSep 08, 2021