Description
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information.
Published: 2025-07-29
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive data disclosure
Action: Patch
AI Analysis

Impact

A flaw in macOS sensitive‑information redaction can allow an attacker to view user information on a locked device. The weakness, classified as CWE‑359, permits exposure of data that should be hidden when a device is locked. If exploited, the attacker could access personal details or confidential content presented during user interactions.

Affected Systems

Apple macOS systems are affected, including any version prior to macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7. The vulnerability is present in all builds of macOS that do not contain the improved redaction fix released in these versions.

Risk and Exploitability

The CVSS score of 4.6 is rated Medium, and the EPSS score of <1% indicates a very low estimated likelihood of exploitation. The issue is not listed in CISA's KEV catalog. The attack vector is physical access (AV:P in the CVSS vector): an attacker who can physically reach a locked device may leverage this weakness to view sensitive data visible on the lock screen or through recent activity. No remote exploitation is described, so the risk is tied to proximity to the device.

Generated by OpenCVE AI on April 28, 2026 at 00:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade macOS to Sequoia 15.6, Sonoma 14.7.7, or Ventura 13.7.7 to apply the redaction fix.
  • Restrict physical access to the device by ensuring it remains locked when not in use and by using biometric authentication when unlocking.
  • Disable or limit features that expose sensitive data on the lock screen, such as recent notifications or Siri suggestions, via System Settings > Security & Privacy.



Advisories
Source ID Title
EUVD EUVD-2025-23125 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information.
History

Tue, 28 Apr 2026 01:15:00 +0000

Type Values Removed Values Added
Title View of Sensitive Information on Locked macOS Devices via Physical Access

Mon, 03 Nov 2025 20:30:00 +0000


Fri, 01 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 30 Jul 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-359
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 30 Jul 2025 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura
Vendors & Products Apple
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura

Tue, 29 Jul 2025 23:45:00 +0000

Type Values Removed Values Added
Description This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information.
MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:11:42.528Z

Reserved: 2025-04-16T15:24:37.096Z

Link: CVE-2025-43259

Vulnrichment

Updated: 2025-11-03T20:03:24.531Z

NVD

Status: Modified

Published: 2025-07-30T00:15:37.480

Modified: 2025-11-03T20:18:58.233

Link: CVE-2025-43259

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T01:00:10Z
