Description
A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to read sensitive location information.
Published: 2025-05-12
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Privacy Violation: Location Data Exposure
Action: Patch Update
AI Analysis

Impact

The vulnerability permits a malicious application to read sensitive location data that was previously protected. This constitutes a privacy violation, allowing an attacker to obtain personal geographic information without user consent. The weakness is categorized as CWE‑200, a confidentiality vulnerability.

Affected Systems

Apple products affected include iPadOS and macOS. The issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, and macOS Ventura 13.7.6. Earlier releases lacking these updates are susceptible.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity. The EPSS score of less than 1% suggests that exploitation is currently unlikely, and the vulnerability is not listed in CISA's KEV catalog. The attack is likely local, involving a malicious app that can read location information, as the description states an app may be able to do so.

Generated by OpenCVE AI on April 28, 2026 at 11:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest iPadOS 17.7.7 or newer macOS releases (Sequoia 15.5, Sonoma 14.7.6, Ventura 13.7.6) to receive the vendor fix.
  • Restrict or revoke location permissions for applications that do not require them to reduce the risk of accidental data leakage.
  • Verify that no unknown or untrusted apps are installed; remove any that may attempt to harvest location data.

Generated by OpenCVE AI on April 28, 2026 at 11:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14505 A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information.
History

Tue, 28 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
Title Sensitive Location Data Exposure via Malicious App

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information. A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to read sensitive location information.

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 27 May 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple macos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple macos

Tue, 13 May 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information.
References

Subscriptions

Apple Ipados Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:27:19.082Z

Reserved: 2025-03-27T16:13:58.319Z

Link: CVE-2025-31220

cve-icon Vulnrichment

Updated: 2025-11-03T19:49:54.550Z

cve-icon NVD

Status : Modified

Published: 2025-05-12T22:15:22.790

Modified: 2026-04-02T19:19:49.890

Link: CVE-2025-31220

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T11:30:29Z

Weaknesses