CVE-2025-43517

// CVE-2025-43517 PoC - macOS Log Privacy Information Disclosure // This PoC demonstrates the privacy issue in macOS log entries // Note: This is for educational and security research purposes only #include <Foundation/Foundation.h> #include <os/log.h> void demonstrateLogPrivacyIssue() { // Simulate sensitive data being logged without proper redaction NSString *sensitiveUserData = @"UserPassword: SecretPass123"; NSString *apiKey = @"API_Key: sk-1234567890abcdef"; os_log_t logger = os_log_create("com.example.app", "PrivacyTest"); // Vulnerable: Sensitive data logged without redaction os_log(logger, "User authentication data: %{public}@", sensitiveUserData); os_log(logger, "API credentials: %{public}@", apiKey); // Attacker can read logs from: // /var/log/system.log // ~/Library/Logs/ // /private/var/log/ NSLog(@"Check system logs for exposed sensitive data"); } int main(int argc, const char * argv[]) { @autoreleasepool { demonstrateLogPrivacyIssue(); } return 0; }

{"cve": {"id": "CVE-2025-43517", "sourceIdentifier": "[email protected]", "published": "2025-12-12T21:15:56.510", "lastModified": "2026-04-02T19:20:58.553", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-532"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.8.3", "matchCriteriaId": "8E37DC2A-33E6-480B-8DFE-4F6558F0A895"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.7.3", "matchCriteriaId": "3428C860-E02D-4FE9-96F4-58EEAAB8321D"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125886", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125887", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125888", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}