Medium severity5.5NVD Advisory· Published Mar 31, 2025· Updated Apr 2, 2026

CVE-2025-24283

Description

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2025-24283 is a logging issue in Apple OSes that allows an app to access sensitive user data, fixed in iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, and watchOS 11.4.

A logging issue in Apple's operating systems fails to properly redact sensitive user data, potentially allowing an app to access that data [1]. The vulnerability stems from insufficient data redaction in logging mechanisms, which could expose private information to unauthorized processes.

Exploitation requires an app installed on the device; no special privileges or network access are needed beyond what a standard app possesses. The app could read sensitive data from system or application logs that were not adequately sanitized [2].

An attacker leveraging this vulnerability could access sensitive user data, such as personal information or credentials, depending on what was logged. The impact is limited to data visibility without direct control over system functions.

Apple has addressed the issue with improved data redaction in the following releases: iOS 18.4, iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, and watchOS 11.4 [1][2]. Users are advised to update their devices to these versions to mitigate the risk.

References

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./Ipados
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Range: <18.4
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: <18.4
Apple Inc./macOS
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Range: >=15.0,<15.4
Apple Inc./Visionos
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Range: <2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/122371nvdVendor Advisory
support.apple.com/en-us/122373nvdVendor Advisory
support.apple.com/en-us/122378nvdVendor Advisory
seclists.org/fulldisclosure/2025/Apr/12nvd
seclists.org/fulldisclosure/2025/Apr/13nvd
seclists.org/fulldisclosure/2025/Apr/4nvd
seclists.org/fulldisclosure/2025/Apr/8nvd
support.apple.com/en-us/122376nvd

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000