CVE-2025-31220Sensitive Information Exposure in Apple Ipados

CWE-200Sensitive Information Exposure7 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 76.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple IpadosApple Macos
Timeline
PublishedMay 12
Latest updateMay 13

Description

A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to read sensitive location information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5apple/macos< 13.7.6+2
NVDapple/macos14.014.7.6+2
CVEListV5apple/ipados< 17.7.7
NVDapple/ipados< 17.7.7

🔴Vulnerability Details

2
GHSA
GHSA-7j7h-p7m5-p62q: A privacy issue was addressed by removing sensitive data2025-05-13
CVEList
CVE-2025-31220: A privacy issue was addressed by removing sensitive data2025-05-12

📋Vendor Advisories

4
Apple
CVE-2025-31220: macOS Ventura 13.7.62025-05-12
Apple
CVE-2025-31220: macOS Sonoma 14.7.62025-05-12
Apple
CVE-2025-31220: iPadOS 17.7.72025-05-12
Apple
CVE-2025-31220: macOS Sequoia 15.52025-05-12
CVE-2025-31220 — Sensitive Information Exposure | cvebase