VYPR
← All advisories
Medium severity5.5NVD Advisory· Published May 12, 2025· Updated Apr 2, 2026

CVE-2025-24142

CVE-2025-24142

Description

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A privacy issue in macOS allows an app to access sensitive user data due to insufficient log redaction; fixed in macOS Sequoia 15.5, Sonoma 14.7.6, and Ventura 13.7.6.

Vulnerability

CVE-2025-24142 is a privacy issue in macOS that stems from insufficient redaction of private data in log entries. The system fails to properly sanitize sensitive user information before writing it to logs, potentially exposing it to local applications.

Exploitation

An attacker would need to have a malicious app installed on the target device. The app can then read log entries that contain unredacted private data, bypassing intended privacy protections. No special privileges or network access are required beyond local app execution.

Impact

Successful exploitation allows an app to access sensitive user data that should have been protected, such as personal or confidential information logged by the system or other apps.

Mitigation

Apple has addressed this issue in macOS Sequoia 15.5, macOS Sonoma 14.7.6, and macOS Ventura 13.7.6 [1][2][3]. Users should update to the latest available version. No workarounds are documented.

References
  1. About the security content of macOS Sequoia 15.5 - Apple Support
  2. About the security content of macOS Sonoma 14.7.6 - Apple Support
  3. About the security content of macOS Ventura 13.7.6 - Apple Support

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

6

News mentions

0

No linked articles in our index yet.