CVE-2021-30761

ENISA EUVD: EUVD-2021-17678 ↗
Exploited in the Wild ✓ Confirmed 0-Day
Triaged: March 20, 2026 9 articles Published: 2021-09-08
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
0.51%
probability
This CVE has a 0.51% probability of being exploited in the next 30 days.
0% Top 66.6th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

6.8
MEDIUM
Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Affected Products

Apple
iOS
unspecified

Attack Intelligence

Signal Intelligence

Confidence
92%
EPSS 0.51%
CVSS v3.1 8.8
Mentions 9
Last Seen Nov 09, 2021

CNA Information

CNA Assigner
apple

Analyst Note

CVE-2021-30761 is explicitly described across multiple authoritative sources (Qualys, BleepingComputer) as a zero-day exploited in the wild, fixed by Apple in an emergency iOS 15.0.2 security release. The simultaneous disclosure of exploitation and patch availability, combined with consistent reporting from reputable security outlets, confirms zero-day status.

Triage Info

Decided atMar 20, 2026
Published DateSep 08, 2021