Description
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Disclosure
Action: Patch
AI Analysis

Impact

This vulnerability originates from insufficient private data redaction in system logs, allowing a sandboxed application to read sensitive user information. The flaw is a privacy issue that may expose confidential data through local log files. Its impact is the potential disclosure of personal data such as session tokens, file paths, or identifiers, leading to loss of confidentiality.

Affected Systems

Apple macOS systems prior to macOS Sequoia 15.4 are potentially affected. Users running older releases must check compatibility lists to determine whether their version still has the unfixed log redaction.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while an EPSS score below 1% suggests a low likelihood of exploitation currently. It is not listed in the CISA KEV catalog, and the attack is inferred to be local: a sandboxed application with read access to system logs can exploit the flaw. No remote exploitation vector is documented, and the vulnerability requires that logs contain unredacted sensitive data.

Generated by OpenCVE AI on April 28, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the macOS 15.4 update or later to receive the log redaction fix.
  • Configure application sandboxing policies to prevent log access by untrusted apps.
  • Restrict or disable system log visibility for non‑privileged processes.


Advisories
Source: EUVD
ID: EUVD-2025-8938
Title: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs.

History

Tue, 28 Apr 2026 02:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Sandboxed App Can Access Sensitive User Data in System Logs on macOS

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 19:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Apple; Apple macos

Type: CPEs
Values Removed: (none)
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Removed: (none)
Values Added: Apple; Apple macos

Tue, 01 Apr 2025 04:15:00 +0000

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-200

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}
ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 31 Mar 2025 22:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:26:33.926Z

Reserved: 2025-01-17T00:00:45.015Z

Link: CVE-2025-24262

Vulnrichment

Updated: 2025-11-03T21:11:36.204Z

NVD

Status: Modified

Published: 2025-03-31T23:15:23.150

Modified: 2025-11-03T22:18:37.743

Link: CVE-2025-24262

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T02:30:18Z

Weaknesses