Description
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs.
Published: 2025-03-31
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Update macOS
AI Analysis

Impact

A sandboxed application may be able to read sensitive data from system logs, allowing disclosure of confidential information. The weakness is a lack of proper isolation of log data, classified as CWE‑200. An attacker could compromise user privacy by extracting private credentials or system details from log files.

Affected Systems

Apple macOS systems prior to the release of Sequoia 15.4 are potentially affected. The fix is available in macOS Sequoia 15.4 and later, but earlier macOS versions remain vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates a medium impact, while the EPSS score of less than 1% suggests a very low probability of exploitation in the current environment. The vulnerability is not listed in CISA’s KEV catalog, reducing urgency, but the attack vector likely requires local or sandboxed privilege. Organizations should assess the presence of sandboxed apps with log‑reading capabilities and update promptly.

Generated by OpenCVE AI on April 28, 2026 at 11:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply macOS Sequoia 15.4 or later to remove the flaw.
  • Restrict, disable, or remove sandboxed applications that have unnecessary read access to system logs.
  • Configure system log management to enforce stricter access controls and monitor for unauthorized reads.

Generated by OpenCVE AI on April 28, 2026 at 11:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-8917 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs.
History

Tue, 28 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title Information Disclosure via Sandbox Log Access in macOS

Mon, 03 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Fri, 04 Apr 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Fri, 04 Apr 2025 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Fri, 04 Apr 2025 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Tue, 01 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 31 Mar 2025 22:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.4. A sandboxed app may be able to access sensitive user data in system logs.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:15:10.108Z

Reserved: 2025-03-22T00:04:43.717Z

Link: CVE-2025-30435

cve-icon Vulnrichment

Updated: 2025-11-03T21:14:31.883Z

cve-icon NVD

Status : Modified

Published: 2025-03-31T23:15:25.687

Modified: 2025-11-03T22:18:45.467

Link: CVE-2025-30435

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T12:00:13Z

Weaknesses