Description
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.
Published: 2025-12-17
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive user data leakage
Action: Patch
AI Analysis

Impact

A logging issue in Apple iOS and iPadOS allows an application to access and read log files that contain user‑sensitive data, resulting in potential data leakage. The flaw stems from improper data redaction in the system logs and is classified as CWE‑532 (Insertion of Sensitive Information into Log File).

Affected Systems

Apple’s iOS and iPadOS operating systems are affected by this vulnerability. The issue is fixed in iOS 26.2 and iPadOS 26.2, meaning any device running an earlier version is at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, while the EPSS score of less than 1% implies a low probability of exploitation in the wild; the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local or through a malicious application that can read system logs, giving it access to exposed user data.

Generated by OpenCVE AI on April 22, 2026 at 20:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update iOS or iPadOS to version 26.2 or later
  • Ensure that third‑party applications do not write sensitive information to log files in a non‑redacted form
  • Configure or modify application logging frameworks to redact or omit any personal data before it is written to logs

Advisories

No advisories yet.

History

Wed, 22 Apr 2026 20:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Title | | User‑Sensitive Data Leakage via Improper Log Redaction in iOS/iPadOS |

Thu, 18 Dec 2025 21:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Apple iphone Os |
| CPEs | | `cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*`, `cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Apple iphone Os |

Thu, 18 Dec 2025 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-532 |
| Metrics | | cvssV3_1: `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}`; ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Thu, 18 Dec 2025 10:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Apple, Apple ios, Apple ipados |
| Vendors & Products | | Apple, Apple ios, Apple ipados |

Wed, 17 Dec 2025 21:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:16:05.256Z

Reserved: 2025-04-16T15:24:37.126Z

Link: CVE-2025-43475

Vulnrichment

Updated: 2025-12-18T19:13:09.084Z

NVD

Status: Analyzed

Published: 2025-12-17T21:16:06.980

Modified: 2025-12-18T20:45:24.613

Link: CVE-2025-43475

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T20:30:26Z
