CVE-2025-46277
Unknown Unknown - Not Provided
Improper Data Redaction in Apple OS Logs Exposes Safari History

Publication date: 2025-12-17

Last updated on: 2026-04-02

Assigner: Apple Inc.

Description
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An app may be able to access a user’s Safari history.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-17
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2025-12-17
EPSS Evaluated
2026-06-14
NVD
CVE-2025-46277
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
apple ipados to 26.2 (exc)
apple iphone_os to 26.2 (exc)
apple macos to 26.2 (exc)
apple watchos to 26.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-532 The product writes sensitive information to a log file.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a logging issue related to insufficient data redaction, which could allow an app to access a user's Safari browsing history. It has been addressed by improving data redaction in the affected Apple operating systems.

Impact Analysis

An app exploiting this vulnerability could access your Safari browsing history without your consent, potentially compromising your privacy by revealing your web activity.

Mitigation Strategies

Update your Apple devices to macOS Tahoe 26.2, iOS 26.2, iPadOS 26.2, or watchOS 26.2 as these versions contain the fix for this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-46277. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart