CVE-2025-31199

MEDIUM

iPadOS < 18.4 - Sensitive Information Disclosure via Log File Insertion

Title source: llm
STIX 2.1

Description

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.8.2, visionOS 2.4. An app may be able to access sensitive user data.

References (4)

Core 4
Core References
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122371
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122373
Release Notes, Vendor Advisory
https://support.apple.com/en-us/122378

Scores

CVSS v3 5.5
EPSS 0.0039
EPSS Percentile 30.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-532
Status published
Products (8)
Apple/iOS and iPadOS < 18.4
apple/ipados < 18.4
apple/iphone_os < 18.4
Apple/macOS < 14.8.2
apple/macos < 15.4
Apple/macOS < 15.4
apple/visionos < 2.4
Apple/visionOS < 2.4
Published May 29, 2025
Tracked Since Feb 18, 2026