cbcvebase.
CVE-2025-43517
published 2025-12-12

CVE-2025-43517: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS…

PriorityP273low3.3CVSS 3.1
AVLACLPRLUINSUCLINAN
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.17%
6.7th percentile
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. An app may be able to access protected user data.

Affected

7 ranges
VendorProductVersion rangeFixed in
applemacos< 15.7.315.7.3
applemacos< 26.226.2
applemacos< 14.8.314.8.3
applemacos>= 15.0 < 15.7.315.7.3
applemacos_sequoia
applemacos_sonoma
applemacos_tahoe

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2025-43517 affects the 'Call History' component on macOS; monitor apps accessing Call History log entries, particularly those reading system logs that may expose private call data prior to patching.
  • Unpatched macOS versions (Sonoma < 14.8.3, Sequoia < 15.7.3, Tahoe < 26.2) are vulnerable; audit apps with log-reading entitlements or access to unified system log (OSLog) for unauthorized Call History data exposure.
  • ·The vulnerability is a privacy/data-redaction issue in log entries for the Call History component, not a code-execution or network-based flaw. Detection focus should be on local log access by apps rather than network indicators.
  • ·No public proof-of-concept, exploit code, hashes, network IOCs, or specific malicious filenames/paths are referenced in any source. Operational detection is limited to behavioral/version-based signals.

CVSS provenance

nvdv3.13.3LOWCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vulncheck3.3LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.