CVE-2025-43517
published 2025-12-12CVE-2025-43517: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS…
PriorityP273low3.3CVSS 3.1
AVLACLPRLUINSUCLINAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.17%
6.7th percentile
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 15.7.3 | 15.7.3 |
| apple | macos | < 26.2 | 26.2 |
| apple | macos | < 14.8.3 | 14.8.3 |
| apple | macos | >= 15.0 < 15.7.3 | 15.7.3 |
| apple | macos_sequoia | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_tahoe | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2025-43517 affects the 'Call History' component on macOS; monitor apps accessing Call History log entries, particularly those reading system logs that may expose private call data prior to patching. ↗
- →Unpatched macOS versions (Sonoma < 14.8.3, Sequoia < 15.7.3, Tahoe < 26.2) are vulnerable; audit apps with log-reading entitlements or access to unified system log (OSLog) for unauthorized Call History data exposure. ↗
- ·The vulnerability is a privacy/data-redaction issue in log entries for the Call History component, not a code-execution or network-based flaw. Detection focus should be on local log access by apps rather than network indicators. ↗
- ·No public proof-of-concept, exploit code, hashes, network IOCs, or specific malicious filenames/paths are referenced in any source. Operational detection is limited to behavioral/version-based signals. ↗
CVSS provenance
nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vulncheck3.3LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-f9j9-m66j-c8p5: A privacy issue was addressed with improved private data redaction for log entries
ghsa_unreviewed·2025-12-12
CVE-2025-43517 [LOW] CWE-532 GHSA-f9j9-m66j-c8p5: A privacy issue was addressed with improved private data redaction for log entries
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.8.3, macOS Sequoia 15.7.3. An app may be able to access protected user data.
VulnCheck
Apple macOS Sequoia/Sonoma/Tahoe Log Entry Data Redaction Vulnerability
vulncheck·2025·CVSS 3.3
CVE-2025-43517 [LOW] Apple macOS Sequoia/Sonoma/Tahoe Log Entry Data Redaction Vulnerability
Apple macOS Sequoia/Sonoma/Tahoe Log Entry Data Redaction Vulnerability
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.
Affected: Apple macos
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://media.jamf.com/documents/white-papers/security-360-mac-2026.pdf
Apple
CVE-2025-43517: macOS Sonoma 14.8.3
vendor_apple·2025-12-12·CVSS 3.3
CVE-2025-43517 [LOW] CVE-2025-43517: macOS Sonoma 14.8.3
Apple Security Update: About the security content of macOS Sonoma 14.8.3
Product: macOS Sonoma
Version: 14.8.3
CVE: CVE-2025-43517
Component: Call History
Impact: An app may be able to access protected user data
Description: A privacy issue was addressed with improved private data redaction for log entries.
Apple
CVE-2025-43517: macOS Sequoia 15.7.3
vendor_apple·2025-12-12·CVSS 3.3
CVE-2025-43517 [LOW] CVE-2025-43517: macOS Sequoia 15.7.3
Apple Security Update: About the security content of macOS Sequoia 15.7.3
Product: macOS Sequoia
Version: 15.7.3
CVE: CVE-2025-43517
Component: Call History
Impact: An app may be able to access protected user data
Description: A privacy issue was addressed with improved private data redaction for log entries.
Apple
CVE-2025-43517: macOS Tahoe 26.2
vendor_apple·2025-12-12·CVSS 3.3
CVE-2025-43517 [LOW] CVE-2025-43517: macOS Tahoe 26.2
Apple Security Update: About the security content of macOS Tahoe 26.2
Product: macOS Tahoe
Version: 26.2
CVE: CVE-2025-43517
Component: Call History
Impact: An app may be able to access protected user data
Description: A privacy issue was addressed with improved private data redaction for log entries.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-12-12
Published
Exploited in the wild