{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-43508", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2025-04-16T15:27:21.194Z", "datePublished": "2026-01-16T17:06:08.976Z", "dateUpdated": "2026-04-02T18:20:43.781Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access sensitive user data"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "26.1", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data."}], "references": [{"url": "https://support.apple.com/en-us/125634"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-04-02T18:20:43.781Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-532", "lang": "en", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-01-16T17:50:10.235965Z", "id": "CVE-2025-43508", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T17:50:14.394Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-43508", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-16T17:50:10.235965Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T17:50:04.979Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "26.1", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/125634"}], "descriptions": [{"lang": "en", "value": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to access sensitive user data"}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-01-16T17:06:08.976Z"}}}, "cveMetadata": {"cveId": "CVE-2025-43508", "state": "PUBLISHED", "dateUpdated": "2026-01-16T17:50:14.394Z", "dateReserved": "2025-04-16T15:27:21.194Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2026-01-16T17:06:08.976Z", "assignerShortName": "apple"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:26.0:*:*:*:*:*:*:*", "matchCriteriaId": "551159EE-8311-4A13-802D-85871DAB5E77", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data."}], "id": "CVE-2025-43508", "lastModified": "2026-01-27T20:19:37.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-01-16T18:16:07.923", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/125634"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T20:10:04.252368+00:00", "value": {"mitigation_remediation": ["Install macOS Tahoe\u202f26.1 or later to apply the approved log redaction fix.", "If an immediate upgrade is not possible, block the execution of unknown or untrusted applications and limit permissions for log access, especially under the affected log files.", "Delete or secure existing log files that may contain under\u2011redacted user data, ensuring they are owned by root and not readable by unprivileged users."], "summary": {"action": "Update OS", "impact": "Sensitive data exposure"}, "threat_synthesis": {"affected_systems": "Apple\u2019s macOS Tahoe 26.0 is affected. All installations of macOS Tahoe at version 26.0 that have not been updated to 26.1 or later are vulnerable. Later releases, beginning with 26.1, contain the log redaction fix.", "description_and_impact": "A logging issue in macOS Tahoe 26.0 allowed the disclosure of sensitive user data because log entries were not correctly redacted. The problem stems from inadequate input filtering and results in potential exposure of confidential information. The vulnerability aligns with CWE\u2011532, characterizing the improper handling of sensitive data in logs. An attacker could read logs containing personal data, violating privacy and confidentiality.", "risk_and_exploitability": "The CVSS score of 5.5 indicates a moderate severity, and the EPSS score of < 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The attack vector is likely local: a malicious or compromised application running under a user\u2019s session could read the unauthenticated logs and retrieve sensitive information. The impact is limited to the confidentiality of user data and does not involve code execution or system compromise."}}}}, "created": "2026-01-19T09:20:48.073174+00:00", "title": "Sensitive User Data Exposure via Improper Log Redaction", "updated": "2026-04-22T20:15:20.533715+00:00", "vendors": ["apple", "apple$PRODUCT$macos", "apple$PRODUCT$macos_tahoe"]}