CVE-2025-24117

This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122066	Release Notes Vendor Advisory
https://support.apple.com/en-us/122067	Release Notes Vendor Advisory
https://support.apple.com/en-us/122068	Release Notes Vendor Advisory
https://support.apple.com/en-us/122071	Release Notes Vendor Advisory
https://support.apple.com/en-us/122073	Release Notes Vendor Advisory
http://seclists.org/fulldisclosure/2025/Jan/12
http://seclists.org/fulldisclosure/2025/Jan/14
http://seclists.org/fulldisclosure/2025/Jan/15
http://seclists.org/fulldisclosure/2025/Jan/18

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:visionos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

02 Apr 2026, 19:19

Type	Values Removed	Values Added
Summary	(en) This issue was addressed with improved redaction of sensitive information. This issue is fixed in iPadOS 17.7.4, visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3. An app may be able to fingerprint the user.	(en) This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user.

03 Nov 2025, 21:19

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2025/Jan/12 - () http://seclists.org/fulldisclosure/2025/Jan/14 - () http://seclists.org/fulldisclosure/2025/Jan/15 - () http://seclists.org/fulldisclosure/2025/Jan/18 -

31 Jan 2025, 14:40

Type	Values Removed	Values Added
CPE		cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:visionos:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:macos::::::::
First Time		Apple watchos Apple visionos Apple iphone Os Apple Apple macos Apple ipados
References	~~() https://support.apple.com/en-us/122066 -~~	() https://support.apple.com/en-us/122066 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122067 -~~	() https://support.apple.com/en-us/122067 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122068 -~~	() https://support.apple.com/en-us/122068 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122071 -~~	() https://support.apple.com/en-us/122071 - Release Notes, Vendor Advisory
References	~~() https://support.apple.com/en-us/122073 -~~	() https://support.apple.com/en-us/122073 - Release Notes, Vendor Advisory

29 Jan 2025, 17:15

Type	Values Removed	Values Added
CWE		CWE-922
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) Este problema se solucionó con una redacción mejorada de información confidencial. Este problema se solucionó en iPadOS 17.7.4, visionOS 2.3, iOS 18.3 y iPadOS 18.3, macOS Sequoia 15.3 y watchOS 11.3. Es posible que una aplicación pueda tomar la huella digital del usuario.

27 Jan 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-27 22:15

Updated : 2026-04-02 19:19

NVD link : CVE-2025-24117

Mitre link : CVE-2025-24117

CVE.ORG link : CVE-2025-24117

JSON object : View

Products Affected

apple

ipados
watchos
visionos
macos
iphone_os

CWE

CWE-922

Insecure Storage of Sensitive Information

5.5 /10