Medium severity5.5NVD Advisory· Published Mar 31, 2025· Updated Apr 2, 2026

CVE-2025-24217

Description

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, watchOS 11.4. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A logging issue in Apple platforms allows an app to access sensitive user data; fixed in iOS 18.4, macOS Sequoia 15.4, and others.

Vulnerability

Overview

CVE-2025-24217 is a logging issue in Apple operating systems that fails to properly redact sensitive information. The vulnerability stems from insufficient data redaction in system logs, potentially exposing user data to applications running on the device [1][2].

Exploitation

An app with local access to the device may exploit this flaw by reading system logs that contain unredacted sensitive information. No special privileges or network access are required beyond the ability to run an app on the affected platform [1][2].

Impact

Successful exploitation could allow an app to access sensitive user data, such as personal information or credentials, that was inadvertently logged without proper masking. The exact scope of data exposure depends on the logging context [1][2].

Mitigation

Apple has addressed this issue in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, and watchOS 11.4. Users are advised to update their devices to the latest available versions to protect against potential exploitation [1][2].

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <18.4
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <18.4
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: >=15.0,<15.4
Apple Inc./tvOS
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Range: <18.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/122371nvdVendor Advisory
support.apple.com/en-us/122373nvdVendor Advisory
support.apple.com/en-us/122377nvdVendor Advisory
seclists.org/fulldisclosure/2025/Apr/11nvd
seclists.org/fulldisclosure/2025/Apr/13nvd
seclists.org/fulldisclosure/2025/Apr/4nvd
seclists.org/fulldisclosure/2025/Apr/8nvd
support.apple.com/en-us/122376nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000