Description
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An app may be able to view a contact's phone number in system logs.
Published: 2025-01-27
Score: 3.3 Low
EPSS: < 1% Very Low
KEV: No
Impact: Privacy Breach of contact data
Action: Apply Patch
AI Analysis

Impact

A privacy flaw allows any application that can read system logs to obtain a contact’s phone number. The issue is a failure to redact private data within log entries, which exposes personally identifiable information. The vulnerability is classified as CWE‑532, reflecting the improper handling of sensitive data in logs.

Affected Systems

The flaw occurs on Apple’s operating systems, impacting iOS, iPadOS, and macOS. It is resolved in iOS 18.3, iPadOS 18.3, and macOS Sequoia 15.3. Devices running earlier releases remain vulnerable, and applications installed on these systems could read the insufficiently redacted logs and retrieve phone numbers.

Risk and Exploitability

The CVSS score of 3.3 indicates a low severity, and the EPSS score (< 1 %) suggests that exploitation is unlikely. The vulnerability is not listed in the CISA KEV catalog. Attackers would need to run a malicious or compromised application on the device, as log access is typically allowed to applications with appropriate privacy entitlements. Once a log is read, the attacker can extract phone numbers from the log content.

Generated by OpenCVE AI on April 28, 2026 at 04:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Ensure the device is updated to iOS 18.3, iPadOS 18.3, or macOS Sequoia 15.3, which contain the fix so that the phone number is no longer exposed in logs.
  • Restrict installation to apps from trusted sources and remove any unnecessary applications that can read system logs.
  • For environments where updates cannot be applied immediately, configure device management policies to limit log access for non‑essential apps and audit logs for exposures of personal data.


Advisories
Source: EUVD
ID: EUVD-2025-3651
Title: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs.

History

Tue, 28 Apr 2026 04:30:00 +0000

Type: Title
Values Added: App Exposure of Contact Phone Numbers via System Log Redaction Failure

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs.
Values Added: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3. An app may be able to view a contact's phone number in system logs.

Mon, 03 Nov 2025 21:30:00 +0000


Tue, 04 Feb 2025 22:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 30 Jan 2025 18:30:00 +0000

Type: First Time appeared
Values Added: Apple; Apple ipados; Apple iphone Os; Apple macos

Type: Weaknesses
Values Added: CWE-532

Type: CPEs
Values Added:
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple; Apple ipados; Apple iphone Os; Apple macos

Type: Metrics
Values Added: cvssV3_1 {'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Mon, 27 Jan 2025 22:00:00 +0000

Type: Description
Values Added: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone number in system logs.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:10:51.214Z

Reserved: 2025-01-17T00:00:44.976Z

Link: CVE-2025-24145

Vulnrichment

Updated: 2025-11-03T21:03:53.170Z

NVD

Status: Modified

Published: 2025-01-27T22:15:18.990

Modified: 2026-04-02T19:19:07.163

Link: CVE-2025-24145

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T04:15:16Z

Weaknesses