Description
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.3, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.
Published: 2025-05-12
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

Apple reported a privacy flaw that enables an application to read sensitive user data through log entries that were insufficiently obfuscated. The vulnerability, classified as CWE-200, allows access to confidential information that should be hidden; based on the description, it is inferred that such access could be performed by unprivileged code, potentially revealing personal or system data. The risk is limited to confidentiality leakage but does not extend to integrity or availability.

Affected Systems

Affected Apple operating systems include iOS 18.5, iPadOS 18.5 and 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3 and 14.7.6, macOS Ventura 13.7.3 and 13.7.6, tvOS 18.5, visionOS 2.5, and watchOS 11.5. Users running any of these versions should verify the current update status and plan a patch.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate risk. EPSS is below 1%, suggesting a low probability of exploitation in the near term, and the vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that exploitation would require an installed application able to read system logs, implying a local or privilege escalated context. The description does not provide evidence of a remote attack vector, so the impact appears to be confined to information leakage via local application activity.

Generated by OpenCVE AI on April 28, 2026 at 11:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Apple update for the affected operating system: iOS 18.5, iPadOS 18.5 or 17.7.7, macOS Sequoia 15.5, Sonoma 14.7.3/14.7.6, Ventura 13.7.3/13.7.6, tvOS 18.5, visionOS 2.5, or watchOS 11.5.
  • Consider disabling or limiting verbose debugging logs if your environment permits, to reduce the exposure of sensitive data in log outputs.
  • Monitor system logs for unexpected or unsolicited data and perform regular integrity checks on log files to detect anomalous entries.

Generated by OpenCVE AI on April 28, 2026 at 11:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14773 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.
History

Tue, 28 Apr 2026 11:45:00 +0000

Type Values Removed Values Added
Title Apple Privacy Issue Allowing App Access to Sensitive Data via Log Entries

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data. A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Sonoma 14.7.6, macOS Ventura 13.7.3, macOS Ventura 13.7.6, tvOS 18.5, visionOS 2.5, watchOS 11.5. An app may be able to access sensitive user data.
References

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 27 May 2025 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ipados
Apple macos
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple ipados
Apple macos

Wed, 14 May 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access sensitive user data.
References

Subscriptions

Apple Ipados Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:08:46.900Z

Reserved: 2025-03-27T16:13:58.325Z

Link: CVE-2025-31242

cve-icon Vulnrichment

Updated: 2025-11-03T19:51:47.384Z

cve-icon NVD

Status : Modified

Published: 2025-05-12T22:15:24.547

Modified: 2026-04-02T19:19:53.710

Link: CVE-2025-31242

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T11:30:29Z

Weaknesses