CVE-2025-51497
BaseFortify
Publication date: 2025-07-17
Last updated on: 2025-10-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| adguard | adguard_for_safari | to 1.11.22 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, update AdGuard for Safari to version 1.11.22 or later, where verbose URL logging is disabled by default. You can update the app via the Mac App Store. If updating is not immediately possible, disable verbose logging mode in the AdGuard settings to prevent URLs from being logged. Additionally, consider reviewing and clearing any sensitive logs that may have been recorded prior to the update. [1]
Can you explain this vulnerability to me?
CVE-2025-51497 is a privacy vulnerability in the AdGuard plugin for Safari on MacOS before version 1.11.22. The plugin was logging every URL that Safari accessed while it was active, and these logs were stored in the MacOS general logs. Because these logs were accessible to any unsandboxed process, this exposed users' browsing activity without their consent. The issue was fixed in version 1.11.22 by disabling this verbose URL logging by default, requiring users to explicitly enable it if desired. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by exposing your complete browsing history to any unsandboxed process on your MacOS system, potentially allowing unauthorized parties or malicious software to access your private browsing data. This compromises your privacy by revealing which websites you visit without your consent. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking the MacOS system logs for verbose logging entries from the AdGuard for Safari extension that include URLs accessed by Safari. Look for log messages similar to: 'AdGuardForSafariExtension AG: Page url: https://example.com'. On MacOS, you can use the following command to search the logs for such entries: sudo log show --predicate 'process == "AdGuardForSafariExtension" && eventMessage CONTAINS "Page url"' --info --last 1d This command searches the system logs from the last day for AdGuard verbose URL logging. If you see URLs logged in this manner, your system is likely affected by the vulnerability. [1]