CVE-2025-30424
Published: 31 March 2025
Description
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Security Summary
CVE-2025-30424 is a logging vulnerability (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor) in Apple's macOS operating system, affecting the Messages application. The issue stems from insufficient data redaction in system logging, where deleting a conversation in Messages exposes user contact information. It impacts macOS Sequoia versions prior to 15.4, macOS Sonoma prior to 14.7.5, and macOS Ventura prior to 13.7.5.
The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), making it remotely exploitable over the network with low attack complexity, no required privileges, and no user interaction. Any unauthenticated remote attacker can leverage this to access exposed contact information in system logs, achieving high impacts on confidentiality, integrity, and availability.
Apple's security advisories detail the fix through improved data redaction in macOS Sequoia 15.4, Sonoma 14.7.5, and Ventura 13.7.5. Practitioners should prioritize updating affected systems, with further mitigation guidance and release notes available at https://support.apple.com/en-us/122373, https://support.apple.com/en-us/122374, https://support.apple.com/en-us/122375, and Full Disclosure mailing list postings from April 2025.
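To check a fleet against the fixed releases above, the following added example (not Apple's code and not part of the original advisory) classifies a macOS version string as vulnerable or patched for CVE-2025-30424. The function names and the `not-listed` result for major versions this page does not mention are assumptions of the example.

```shell
#!/bin/sh
# Added example: compare a macOS version with the fixed releases named on this page
# (Sequoia 15.4, Sonoma 14.7.5, Ventura 13.7.5). Function names are hypothetical.

# ver_lt A B: succeed when dotted version A is strictly lower than B.
# Fields are compared numerically; missing fields count as 0 (15.4 == 15.4.0).
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if ((x[i] + 0) < (y[i] + 0)) exit 0
            if ((x[i] + 0) > (y[i] + 0)) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# cve_2025_30424_status VERSION: print vulnerable, patched, not-listed or invalid.
cve_2025_30424_status() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*) echo invalid; return 0 ;;   # reject anything but digits and dots
    esac
    case ${ver%%.*} in
        15) fixed=15.4 ;;
        14) fixed=14.7.5 ;;
        13) fixed=13.7.5 ;;
        *)  echo not-listed; return 0 ;;          # major version not covered by this page
    esac
    if ver_lt "$ver" "$fixed"; then
        echo vulnerable
    else
        echo patched
    fi
}

# On a Mac, report the status of the local host; elsewhere this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    host_ver=$(sw_vers -productVersion)
    echo "macOS $host_ver: $(cve_2025_30424_status "$host_ver")"
fi
```

For inventory exports, call `cve_2025_30424_status` once per reported version string and treat `not-listed` and `invalid` as needing manual review.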
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability exposes sensitive contact information in system logs due to insufficient redaction, directly facilitating T1005 by allowing unauthorized access to data from the local system.