VYPR
← All advisories
Medium severity5.5NVD Advisory· Published Nov 4, 2025· Updated Apr 2, 2026

CVE-2025-43477

CVE-2025-43477

Description

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A privacy issue in macOS allows an app to access sensitive user data due to improper redaction of log entries; fixed in recent macOS updates.

Vulnerability

Overview CVE-2025-43477 is a privacy vulnerability in macOS that stems from inadequate redaction of sensitive user data from log entries. The root cause is a failure to properly scrub private information before writing logs, leaving user data exposed within the logging subsystem.

Exploitation

An attacker who can execute an arbitrary app on the affected system can exploit this issue by reading log entries that contain unredacted sensitive data. No special privileges or network access are required; the app simply needs to access the log files where the data was inadvertently stored.

Impact

Successful exploitation allows the app to access sensitive user data, such as personal information or credentials, that should have been protected. This could lead to further privacy breaches or identity theft.

Mitigation

Apple addressed this issue with improved private data redaction in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, and macOS Tahoe 26.1 [1][2][3]. Users are advised to update to the latest versions to protect their data.

References
  1. About the security content of macOS Tahoe 26.1 - Apple Support
  2. About the security content of macOS Sequoia 15.7.2 - Apple Support
  3. About the security content of macOS Sonoma 14.8.2 - Apple Support

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.