Description
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Patch Now
AI Analysis

Impact

This vulnerability involves improper redaction of sensitive information within Apple’s operating systems. An application may be able to read data that should have been hidden, leading to unauthorized disclosure of personal or confidential information. The weakness is identified as a confidentiality issue (CWE‑200).

Affected Systems

Versions of iOS, iPadOS, macOS Sequoia, tvOS, and watchOS before the fixed releases (iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4) are considered affected. This inference is based on the fix releases; the explicit range is not disclosed.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium impact, and the EPSS score of less than 1% reflects a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, further suggesting limited active exploitation. Based on the description, the most plausible attack vector is a local or user‑installed application that requests or accesses protected data, thereby bypassing redaction controls.

Generated by OpenCVE AI on April 28, 2026 at 11:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates (iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4).
  • Review and restrict application permissions that access sensitive data through the device’s privacy settings.
  • Observe and remove suspicious applications that could exploit the redaction flaw.

Generated by OpenCVE AI on April 28, 2026 at 11:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8980 This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
History

Tue, 28 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Apple OS Sensitive Data Exposure via Improper Redaction

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.
References

Mon, 03 Nov 2025 21:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Mon, 07 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple tvos

Tue, 01 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, tvOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
References

Subscriptions

Apple Ipados Iphone Os Macos Tvos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:09:58.524Z

Reserved: 2025-01-17T00:00:45.003Z

Link: CVE-2025-24217

cve-icon Vulnrichment

Updated: 2025-04-01T14:50:22.758Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:19.697

Modified: 2026-04-02T19:19:21.000

Link: CVE-2025-24217

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T12:00:13Z

Weaknesses