Description
The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes.
Published: 2025-05-12
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information disclosure via hot corner revealing deleted notes
Action: Apply Update
AI Analysis

Impact

This vulnerability arises from improper cache handling in the hot‑corner feature of macOS. When the user activates a hot corner, the system may inadvertently expose the contents of notes that have been deleted. The result is the privacy breach of potentially sensitive personal information, as documented by CWE‑200.

Affected Systems

Apple macOS, particularly the Sequoia series. All releases before macOS Sequoia 15.5 are vulnerable; the issue was fixed in macOS Sequoia 15.5. Users running any earlier 15.x version should upgrade.

Risk and Exploitability

The CVSS score is 5.5, indicating a moderate risk. The EPSS score is less than 1% and the vulnerability is not included in CISA’s KEV catalog, implying a low exploitation probability in the current landscape. Nevertheless, an attacker could exploit the feature locally by initiating a hot‑corner action—potentially through user interaction, remote control of a logged‑in session, or automated UI scripts—to view deleted notes. The attack vector is likely local but could be leveraged in environments with shared or unattended devices.

Generated by OpenCVE AI on April 28, 2026 at 01:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the macOS Sequoia 15.5 update or newer to eliminate the flaw
  • Disable or reconfigure the hot‑corner functionality in System Settings to prevent accidental triggers
  • Restrict access to the Notes application and monitor for anomalous hot‑corner activity in sensitive device usage scenarios

Generated by OpenCVE AI on April 28, 2026 at 01:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14611 The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes.
History

Tue, 28 Apr 2026 02:00:00 +0000

Type Values Removed Values Added
Title Hot Corner Reveals Deleted Notes in macOS

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 27 May 2025 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple
Apple macos

Wed, 14 May 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Tue, 13 May 2025 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 May 2025 21:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved handling of caches. This issue is fixed in macOS Sequoia 15.5. Hot corner may unexpectedly reveal a user’s deleted notes.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:24:55.509Z

Reserved: 2025-03-27T16:13:58.336Z

Link: CVE-2025-31256

cve-icon Vulnrichment

Updated: 2025-11-03T19:52:24.710Z

cve-icon NVD

Status : Modified

Published: 2025-05-12T22:15:25.363

Modified: 2025-11-03T20:18:23.583

Link: CVE-2025-31256

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T01:45:18Z

Weaknesses