CVE-2025-30424
Published: 31 March 2025
Summary
CVE-2025-30424 is a critical-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Apple macOS. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 38.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AU-13 (Monitoring for Information Disclosure) and AU-9 (Protection of Audit Information).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Remediates the specific macOS logging flaw through timely patching with improved data redaction, directly preventing exposure of user contact information.
Protects system audit information from unauthorized access and disclosure, mitigating exposure of sensitive contact details in unredacted logs.
Monitors the system specifically for information disclosures like unredacted user contact information in logs triggered by Messages conversation deletion.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability exposes sensitive contact information in system logs due to insufficient redaction, directly facilitating T1005 by allowing unauthorized access to data from the local system.
NVD Description
A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. Deleting a conversation in Messages may expose user contact information in system logging.
Deeper analysis
CVE-2025-30424 is a logging vulnerability (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor) in Apple's macOS operating system, affecting the Messages application. The issue stems from insufficient data redaction in system logging, where deleting a conversation in Messages exposes user contact information. It impacts macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), making it remotely exploitable over the network with low attack complexity, no required privileges, and no user interaction. Any unauthenticated remote attacker can leverage this to access exposed contact information in system logs, achieving high impacts on confidentiality, integrity, and availability.
Apple's security advisories detail the fix through improved data redaction in macOS Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. Practitioners should prioritize updating affected systems, with further mitigation guidance and release notes available at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, and Full Disclosure mailing list postings from April 2025.
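To triage which hosts still need the update, the fixed releases named above can be turned into a version check. This is an added example, not Apple's or this page's tooling; the function names `ver_ge` and `classify_macos` and the sample inventory are constructed for illustration, and releases outside the three listed branches are reported as `unlisted` because the page gives no fix version for them.

```shell
#!/bin/sh
# Added example: classify a macOS product version against the fixed
# releases listed in the advisory text (15.4, 14.7.5, 13.7.5).

# ver_ge A B: succeed if dotted version A >= B (missing parts count as 0).
ver_ge() {
    va=$1; vb=$2
    old_ifs=$IFS; IFS=.
    set -- $va; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $vb; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    if [ "$a1" -ne "$b1" ]; then [ "$a1" -gt "$b1" ]; return; fi
    if [ "$a2" -ne "$b2" ]; then [ "$a2" -gt "$b2" ]; return; fi
    [ "$a3" -ge "$b3" ]
}

# classify_macos VERSION: prints patched | vulnerable | unlisted | invalid.
classify_macos() {
    v=$1
    # Accept only digits and dots so inventory data is never interpreted.
    case $v in ''|*[!0-9.]*) echo invalid; return 0 ;; esac
    case ${v%%.*} in
        15) fixed=15.4 ;;     # macOS Sequoia
        14) fixed=14.7.5 ;;   # macOS Sonoma
        13) fixed=13.7.5 ;;   # macOS Ventura
        *)  echo unlisted; return 0 ;;  # no fix version given on the page
    esac
    if ver_ge "$v" "$fixed"; then echo patched; else echo vulnerable; fi
}

# Constructed sample inventory (hostname, version); not real hosts.
while read -r host ver; do
    printf '%-12s %-8s %s\n' "$host" "$ver" "$(classify_macos "$ver")"
done <<'EOF'
mac-lab-01 15.3.2
mac-lab-02 15.4
mac-lab-03 14.7.4
mac-lab-04 13.7.5
mac-lab-05 12.7.6
EOF
```

On a Mac, `classify_macos "$(sw_vers -productVersion)"` checks the local host.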
Details
- CWE(s)