{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43259", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:24:37.096Z", "datePublished": "2025-07-29T23:35:20.409Z", "dateUpdated": "2026-04-02T18:11:42.528Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker with physical access to a locked device may be able to view sensitive user information"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "13.7.7", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "14.7.7", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information."}], "references": [{"url": "https://support.apple.com/en-us/124149"}, {"url": "https://support.apple.com/en-us/124150"}, {"url": "https://support.apple.com/en-us/124151"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:11:42.528Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-359", "lang": "en", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-30T13:26:11.191955Z", "id": "CVE-2025-43259", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T18:08:08.245Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jul/34"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/33"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/32"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:03:24.531Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2025/Jul/34"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/33"}, {"url": "http://seclists.org/fulldisclosure/2025/Jul/32"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T20:03:24.531Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43259", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-30T13:26:11.191955Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-359", "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T13:26:12.915Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "0", "lessThan": "13.7.7", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "14.7.7", "versionType": "custom"}, {"status": "affected", "version": "0", "lessThan": "15.6", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/124149"}, {"url": "https://support.apple.com/en-us/124150"}, {"url": "https://support.apple.com/en-us/124151"}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An attacker with physical access to a locked device may be able to view sensitive user information"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:11:42.528Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43259", "state": "PUBLISHED", "dateUpdated": "2026-04-02T18:11:42.528Z", "dateReserved": "2025-04-16T15:24:37.096Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2025-07-29T23:35:20.409Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "32DF9916-8A45-426F-BA36-FC73FD668828", "versionEndExcluding": "13.7.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F043DE0-C517-463D-9693-53789EB6132D", "versionEndExcluding": "14.7.7", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF17CE2-DB4B-48D1-81AF-67EF1EC7BB45", "versionEndExcluding": "15.6", "versionStartIncluding": "15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker with physical access to a locked device may be able to view sensitive user information."}, {"lang": "es", "value": "Este problema se solucion\u00f3 mejorando la redacci\u00f3n de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en macOS Sequoia 15.6, macOS Sonoma 14.7.7 y macOS Ventura 13.7.7. Un atacante con acceso f\u00edsico a un dispositivo bloqueado podr\u00eda acceder a informaci\u00f3n confidencial del usuario."}], "id": "CVE-2025-43259", "lastModified": "2025-11-03T20:18:58.233", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-30T00:15:37.480", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124149"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124150"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/124151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jul/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jul/33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2025/Jul/34"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-359"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T00:47:13.832285+00:00", "value": {"mitigation_remediation": ["Upgrade macOS to Sequoia 15.6, Sonoma 14.7.7, or Ventura 13.7.7 to apply the redaction fix.", "Restrict physical access to the device by ensuring it remains locked when not in use and by using biometric authentication when unlocking.", "Disable or limit features that expose sensitive data on the lock screen, such as recent notifications or Siri suggestions, via System Settings > Security & Privacy."], "summary": {"action": "Patch", "impact": "Sensitive data disclosure"}, "threat_synthesis": {"affected_systems": "Apple macOS systems are affected, including any version prior to macOS Sequoia 15.6, macOS Sonoma 14.7.7, or macOS Ventura 13.7.7. The vulnerability is present in all builds of macOS that do not contain the improved redaction fix released in these versions.", "description_and_impact": "A flaw in macOS sensitive\u2011information redaction can allow an attacker to view user information on a locked device. The weakness, classified as CWE\u2011359, permits exposure of data that should be hidden when a device is locked. If exploited, the attacker could access personal details or confidential content presented during user interactions.", "risk_and_exploitability": "The CVSS score of 4.6 indicates low to moderate severity, and the EPSS score of <1% suggests the exploit is unlikely to be automated or widely used. The issue is not listed in CISA's KEV catalog. The likely attack vector is physical access; an attacker who can physically reach a device that is locked may leverage this weakness to view sensitive data visible on the lock screen or through recent activity. No remote exploitation is described, so the risk is tied to proximity to the device."}}}}, "created": "2025-07-30T10:13:59.188182+00:00", "title": "View of Sensitive Information on Locked macOS Devices via Physical Access", "updated": "2026-04-28T01:00:10.100035+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$macos_sequoia", "apple$PRODUCT$macos_sonoma", "apple$PRODUCT$macos_ventura"]}