Description
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Deleting a conversation in Messages may expose user contact information in system logging.
Published: 2025-03-31
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Leak of user contact information via unredacted logs
Action: Apply Update
AI Analysis

Impact

The vulnerability permits unredacted user contact details to be written to system logs when a conversation in the Messages app is deleted. These logs can be accessed by privileged users or, potentially, by compromised local users, resulting in accidental disclosure of personal data. This is a confidentiality breach classified under CWE-200.

Affected Systems

Apple macOS is the affected platform. The fix is implemented in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. Users running earlier releases remain vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates severe impact, while the EPSS score of less than 1% suggests active exploitation is unlikely at this time. The vulnerability is not included in the CISA KEV catalog, implying no known widespread exploitation. Attackers would need local or elevated access to read the system logs; remote exploitation is not indicated by the available data. Based on the description, it is inferred that the attack vector is local access to system logs, as no remote exploitation pathway is mentioned.

Generated by OpenCVE AI on April 28, 2026 at 11:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to macOS Sequoia 15.4 or newer, macOS Sonoma 14.7.5 or newer, or macOS Ventura 13.7.5 or newer to receive the log‑redaction fix
  • If an immediate update is not feasible, adjust system logging configuration to limit or disable logging for the Messages application to reduce exposure of sensitive data
  • Avoid sharing system logs or enabling remote log monitoring until the fix is applied, ensuring that log files are accessible only by privileged users

Generated by OpenCVE AI on April 28, 2026 at 11:59 UTC.


Advisories
Source: EUVD
ID: EUVD-2025-8927
Title: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Deleting a conversation in Messages may expose user contact information in system logging.

History

Tue, 28 Apr 2026 12:15:00 +0000

Type: Title
Values Added: Unredacted User Contact Information Logged After Deleting Messages Conversations

Thu, 02 Apr 2026 20:30:00 +0000

Type: Description
Values Removed: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Deleting a conversation in Messages may expose user contact information in system logging.
Values Added: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Deleting a conversation in Messages may expose user contact information in system logging.

Mon, 03 Nov 2025 22:30:00 +0000


Mon, 07 Apr 2025 14:45:00 +0000

Type: First Time appeared
Values Added: Apple; Apple macos

Type: CPEs
Values Added: cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apple; Apple macos

Wed, 02 Apr 2025 14:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 02 Apr 2025 14:45:00 +0000

Type: Weaknesses
Values Added: CWE-200

Type: Metrics
Values Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 31 Mar 2025 22:45:00 +0000

Type: Description
Values Added: A logging issue was addressed with improved data redaction. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Deleting a conversation in Messages may expose user contact information in system logging.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:07:49.026Z

Reserved: 2025-03-22T00:04:43.715Z

Link: CVE-2025-30424

Vulnrichment

Updated: 2025-04-02T13:45:27.602Z

NVD

Status: Modified

Published: 2025-03-31T23:15:24.757

Modified: 2026-04-02T19:19:33.757

Link: CVE-2025-30424

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T12:00:13Z

Weaknesses