Description
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Exposure
Action: Apply Patch
AI Analysis

Impact

A logging issue caused sensitive user data to be exposed because it was not properly redacted. The flaw allows an application to access this data, resulting in an information exposure vulnerability classified as CWE-200.

Affected Systems

Apple iOS, iPadOS, macOS Sequoia, visionOS, and watchOS are affected. The vulnerability is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, and watchOS 11.4. Systems running earlier versions of any of these operating systems are impacted.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% reveals a low probability of exploitation at this time. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, the attack vector is most likely local, where a malicious or compromised application can trigger the logging process to capture sensitive information.

Generated by OpenCVE AI on April 28, 2026 at 03:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to iOS 18.4 or later, IpadOS 18.4 or later, macOS Sequoia 15.4 or later, visionOS 2.4 or later, or watchOS 11.4 or later.
  • Ensure that system updates are installed promptly on all affected devices.
  • If an immediate upgrade is not feasible, restrict third‑party applications from generating or accessing detailed logs that may contain sensitive data, and monitor logs for unexpected disclosures.

Generated by OpenCVE AI on April 28, 2026 at 03:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8933 A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
History

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data. A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.
References

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Mon, 07 Apr 2025 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple iphone Os
Apple macos
Apple visionos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple iphone Os
Apple macos
Apple visionos

Wed, 02 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description A logging issue was addressed with improved data redaction. This issue is fixed in visionOS 2.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
References

Subscriptions

Apple Ipados Iphone Os Macos Visionos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:10:54.470Z

Reserved: 2025-01-17T00:00:45.020Z

Link: CVE-2025-24283

cve-icon Vulnrichment

Updated: 2025-11-03T21:12:39.156Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:24.663

Modified: 2026-04-02T19:19:33.387

Link: CVE-2025-24283

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T03:15:05Z

Weaknesses