{"api_version":"1","generated_at":"2026-04-23T02:20:12+00:00","cve":"CVE-2025-43301","urls":{"html":"https://cve.report/CVE-2025-43301","api":"https://cve.report/api/cve/CVE-2025-43301.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-43301","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-43301"},"summary":{"title":"CVE-2025-43301","description":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access contact info related to notifications in Notification Center.","state":"PUBLISHED","assigner":"apple","published_at":"2025-09-15 23:15:33","updated_at":"2026-04-02 19:20:22"},"problem_types":["CWE-359","An app may be able to access contact info related to notifications in Notification Center","CWE-359 CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"3.3","severity":"LOW","vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://support.apple.com/en-us/125111","name":"https://support.apple.com/en-us/125111","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2025/Sep/53","name":"http://seclists.org/fulldisclosure/2025/Sep/53","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2025/Sep/54","name":"http://seclists.org/fulldisclosure/2025/Sep/54","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/125112","name":"https://support.apple.com/en-us/125112","refsource":"product-security@apple.com","tags":["Release Notes","Vendor Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2025/Sep/55","name":"http://seclists.org/fulldisclosure/2025/Sep/55","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://support.apple.com/en-us/125110","name":"https://support.apple.com/en-us/125110","refsource":"product-security@apple.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-43301","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-43301","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 14.8 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 15.7 custom","platforms":[]},{"source":"CNA","vendor":"Apple","product":"macOS","version":"affected 26 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2025","cve_id":"43301","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2025","cve_id":"43301","vulnerable":"1","versionEndIncluding":"14.8","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"43301","cve":"CVE-2025-43301","epss":"0.000120000","percentile":"0.016080000","score_date":"2026-04-07","updated_at":"2026-04-08 00:03:40"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"NONE","baseScore":3.3,"baseSeverity":"LOW","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2025-43301","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2025-09-16T13:39:54.672220Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-359","description":"CWE-359 Exposure of Private Personal Information to an Unauthorized Actor","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2025-09-16T17:26:26.218Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"providerMetadata":{"dateUpdated":"2025-11-03T18:10:30.951Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"http://seclists.org/fulldisclosure/2025/Sep/55"},{"url":"http://seclists.org/fulldisclosure/2025/Sep/54"},{"url":"http://seclists.org/fulldisclosure/2025/Sep/53"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"macOS","vendor":"Apple","versions":[{"lessThan":"14.8","status":"affected","version":"0","versionType":"custom"},{"lessThan":"15.7","status":"affected","version":"0","versionType":"custom"},{"lessThan":"26","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access contact info related to notifications in Notification Center."}],"problemTypes":[{"descriptions":[{"description":"An app may be able to access contact info related to notifications in Notification Center","lang":"en"}]}],"providerMetadata":{"dateUpdated":"2026-04-02T18:12:24.712Z","orgId":"286789f9-fbc2-4510-9f9a-43facdede74c","shortName":"apple"},"references":[{"url":"https://support.apple.com/en-us/125110"},{"url":"https://support.apple.com/en-us/125111"},{"url":"https://support.apple.com/en-us/125112"}]}},"cveMetadata":{"assignerOrgId":"286789f9-fbc2-4510-9f9a-43facdede74c","assignerShortName":"apple","cveId":"CVE-2025-43301","datePublished":"2025-09-15T22:34:41.119Z","dateReserved":"2025-04-16T15:24:37.104Z","dateUpdated":"2026-04-02T18:12:24.712Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2025-09-15 23:15:33","lastModifiedDate":"2026-04-02 19:20:22","problem_types":["CWE-359","An app may be able to access contact info related to notifications in Notification Center","CWE-359 CWE-359 Exposure of Private Personal Information to an Unauthorized Actor"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","baseScore":3.3,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":1.4}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"14.0","versionEndIncluding":"14.8","matchCriteriaId":"BF8B323B-8AF6-477F-A060-0EC0AE6EF31F"},{"vulnerable":true,"criteria":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.7","matchCriteriaId":"D37B8DD2-ECC6-469E-A1A3-148B98F9DEB6"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"43301","Ordinal":"1","Title":"CVE-2025-43301","CVE":"CVE-2025-43301","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"43301","Ordinal":"1","NoteData":"A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access contact info related to notifications in Notification Center.","Type":"Description","Title":"CVE-2025-43301"}]}}}