{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-31225", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-03-27T16:13:58.321Z", "datePublished": "2025-05-12T21:42:33.096Z", "dateUpdated": "2026-04-02T18:14:52.906Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Call history from deleted apps may still appear in spotlight search results"}]}], "affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"version": "0", "status": "affected", "lessThan": "18.5", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results."}], "references": [{"url": "https://support.apple.com/en-us/122404"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:14:52.906Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-13T19:06:12.758911Z", "id": "CVE-2025-31225", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T19:11:13.061Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:50:28.592Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/May/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T19:50:28.592Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-31225", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-13T19:06:12.758911Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T19:06:43.794Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "iOS and iPadOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "18.5", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/122404"}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Call history from deleted apps may still appear in spotlight search results"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2025-05-12T21:42:33.096Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31225", "state": "PUBLISHED", "dateUpdated": "2025-11-03T19:50:28.592Z", "dateReserved": "2025-03-27T16:13:58.321Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-05-12T21:42:33.096Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0459303-7D14-428D-9C4E-2C743AC9529F", "versionEndExcluding": "18.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF6AAC00-F384-4B0D-BBA9-C2AD278BF653", "versionEndExcluding": "18.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 18.5 and iPadOS 18.5. Call history from deleted apps may still appear in spotlight search results."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de privacidad eliminando datos confidenciales. Este problema se solucion\u00f3 en iOS 18.5 y iPadOS 18.5. El historial de llamadas de las apps eliminadas a\u00fan puede aparecer en los resultados de b\u00fasqueda de Spotlight."}], "id": "CVE-2025-31225", "lastModified": "2025-11-03T20:18:19.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-05-12T22:15:23.230", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/122404"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/May/5"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T01:53:31.375422+00:00", "value": {"mitigation_remediation": ["Download and install the iOS\u00a018.5 or iPadOS\u00a018.5 update to remove the residual call history bug.", "Restart the device to allow the Spotlight index to refresh and confirm that deleted app call logs no longer appear.", "If the issue persists after the update, consult Apple support through the provided link or report it via the Apple Support page for further assistance."], "summary": {"action": "Apply Update", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Apple iOS and iPadOS devices running versions prior to iOS\u00a018.5 or iPadOS\u00a018.5 are affected. The issue is fixed in iOS\u00a018.5 and iPadOS\u00a018.5. Devices with earlier releases remain vulnerable.", "description_and_impact": "This privacy vulnerability allows sensitive call history from apps that have been deleted to appear in Spotlight search results, potentially exposing personal communication records. The flaw stems from the incomplete removal of call logs when an app is deleted, leading to inadvertent disclosure of private data (CWE\u2011200). While the vulnerability does not grant traditional unauthorized access or code execution, it does compromise confidentiality by exposing personal information that should have been fully removed.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a high severity vulnerability, though the EPSS score of less than 1% suggests very low exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Attackers or even ordinary users can trigger the issue simply by performing a Spotlight search on the device; no special privileges or network access are required. The likely attack vector is local device use, where Spotlight queries the undisposed storage and surfaces the residual call history."}}}}, "created": "2026-04-28T02:00:15.389624+00:00", "title": "Privacy Leak: Deleted App Call History Appears in Spotlight Search", "updated": "2026-04-28T02:00:15.389635+00:00", "vendors": []}