CVE-2025-31199
Published May 29, 2025
Last updated 4 months ago
AI description
CVE-2025-31199 is a logging issue where sensitive user data might be accessed by an application. The vulnerability arises from a failure to properly redact sensitive information in system logs. The vulnerability, dubbed "Sploitlight" by Microsoft, involves the exploitation of macOS's Spotlight search feature and its plugin system. By injecting crafted plugins or manipulating existing ones, an attacker could circumvent Transparency, Consent, and Control (TCC) barriers, potentially reading data from files that should remain inaccessible. The issue is fixed in iOS 18.4, iPadOS 18.4, visionOS 2.4, and macOS Sequoia 15.4.
- Description: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
- Source: product-security@apple.com
- NVD status: Analyzed
- Products: ipados, iphone_os, macos, visionos
CVSS 3.1
- Type: Secondary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
- Severity: MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-532
- Hype score: Not currently trending
#VulnerabilityReport #AppleIntelligence Microsoft Uncovers “Sploitlight”: macOS Flaw (CVE-2025-31199) Bypasses TCC, Leaking Apple Intelligence Data https://t.co/NsKov0Q7lr
@Komodosec
3 Sept 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Risk of macOS vulnerability CVE-2025-31199 leaking sensitive information https://t.co/Mi1r47P6lJ #Security #セキュリティ #ニュース
@SecureShield_
30 Jul 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
macOS Sploitlight flaw leaks Apple Intelligence data Microsoft researchers uncovered a macOS vulnerability (CVE-2025-31199), dubbed "Sploitlight," that allows attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework via Spotlight plugins. Patched in macOS
@dCypherIO
29 Jul 2025
65 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A Microsoft report has revealed a serious macOS vulnerability (CVE-2025-31199) called "Sploitlight." It abuses Spotlight plugins (.mdimporter) to bypass TCC protections and obtain users' sensitive data
@yousukezan
29 Jul 2025
2025 Impressions
4 Retweets
15 Likes
4 Bookmarks
0 Replies
0 Quotes
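🔍 Practitioners are uneasy about the current situation, in which threat intelligence data is overflowing and cannot be fully put to use ⚠️ Microsoft warns: exploitation of the macOS vulnerability "Sploitlight" could leak data from Apple Intelligence (CVE-2025-31199)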
@MachinaRecord
29 Jul 2025
280 Impressions
1 Retweet
6 Likes
2 Bookmarks
0 Replies
0 Quotes
Sploitlight exploits (CVE-2025-31199) the privileged access of Spotlight plugins, enabling attackers to extract sensitive information from caches utilized by Apple Intelligence. https://t.co/k6Kg9ms4gD https://t.co/jtNZgYsDjr
@blackorbird
29 Jul 2025
1463 Impressions
0 Retweets
4 Likes
3 Bookmarks
1 Reply
0 Quotes
Microsoft has discovered a vulnerability in macOS, tracked as CVE-2025-31199, that could allow attackers to steal private data. After identifying the bypass technique, the findings were reported to Apple. #Ciberseguridad 🔍 @grok
@FinanzasMiloX
28 Jul 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft Threat Intelligence has uncovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data from files. We have disclosed our findings to Apple after discovering the bypass technique. #CyberSecurity @grok
@CryptoMilox
28 Jul 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
$MSFT $AAPL MICROSOFT THREAT INTELLIGENCE: UNCOVERED A MACOS VULNERABILITY, TRACKED AS CVE-2025-31199, THAT COULD ALLOW ATTACKERS TO STEAL PRIVATE DATA OF FILES AFTER DISCOVERING THE BYPASS TECHNIQUE, WE DISCLOSED OUR FINDINGS TO APPLE
@tenet_research
28 Jul 2025
873 Impressions
0 Retweets
2 Likes
0 Bookmarks
3 Replies
0 Quotes
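🚨 Breaking: Microsoft discovers macOS security vulnerability CVE-2025-31199 and reports it to Apple. The Microsoft Threat Intelligence team has discovered a vulnerability (CVE-2025-31199) in macOS that can be used to steal data from sensitive files. This vulnerability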
@ryudung2
28 Jul 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
$MSFT $AAPL 🔹Microsoft Threat Intelligence: Uncovered A Macos Vulnerability, Tracked As CVE-2025-31199, That Could Allow Attackers To Steal Private Data Of Files 🔹Says After Discovering The Bypass Technique, We Disclosed Our Findings To Apple 🔹Says Apple Released A Fix
@CHItraders
28 Jul 2025
249 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🔐 $MSFT Microsoft has identified a serious security vulnerability in macOS! 🧠 The threat intelligence team announced that a vulnerability tracked as CVE-2025-31199 gives attackers the ability to steal private data. 🍏 The vulnerability, to the BYPASSING of macOS security mechanisms
@ILKERFIRENZE
28 Jul 2025
124 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Microsoft and Apple Released Fix for CVE-2025-31199 Vulnerability
@FirstSquawk
28 Jul 2025
8955 Impressions
1 Retweet
8 Likes
0 Bookmarks
3 Replies
0 Quotes
Microsoft Threat Intelligence Discovers a macOS Vulnerability, CVE-2025-31199, That Could Enable Attackers To Steal Private Files
@FirstSquawk
28 Jul 2025
9022 Impressions
4 Retweets
7 Likes
1 Bookmark
5 Replies
0 Quotes
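⚡ Breaking: Microsoft discovers macOS vulnerability… warns of information leak risk. Microsoft's Threat Intelligence team has discovered a vulnerability in macOS tracked as "CVE-2025-31199". This vulnerability, enabling attackers to steal the private data of files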
@inyeob_kim
28 Jul 2025
86 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MICROSOFT THREAT INTELLIGENCE: MACOS VULNERABILITY CVE-2025-31199 COULD EXPOSE PRIVATE FILE DATA TO ATTACKERS Microsoft has discovered a macOS security flaw — CVE-2025-31199 — that could allow malicious actors to steal private file data from targeted systems.
@FirstSquawk
28 Jul 2025
9162 Impressions
3 Retweets
9 Likes
2 Bookmarks
3 Replies
1 Quote
MICROSOFT - APPLE RELEASED A FIX FOR THIS VULNERABILITY, NOW IDENTIFIED AS CVE-2025-31199 $MSFT $AAPL
@finsquawk_
28 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MICROSOFT THREAT INTELLIGENCE: UNCOVERED A MACOS VULNERABILITY, TRACKED AS CVE-2025-31199, THAT COULD ALLOW ATTACKERS TO STEAL PRIVATE DATA OF FILES $MSFT $AAPL
@finsquawk_
28 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
MICROSOFT THREAT INTELLIGENCE: UNCOVERED A MACOS VULNERABILITY, TRACKED AS CVE-2025-31199, THAT COULD ALLOW ATTACKERS TO STEAL PRIVATE DATA OF FILES
@faststocknewss
28 Jul 2025
6047 Impressions
1 Retweet
15 Likes
0 Bookmarks
5 Replies
0 Quotes
Microsoft Threat Intelligence uncovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), such as caches used by Apple Intelligence. https://t.co/RItmoVgnHZ
@MsftSecIntel
28 Jul 2025
67051 Impressions
52 Retweets
155 Likes
60 Bookmarks
7 Replies
7 Quotes
CVE-2025-31199 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to a… https://t.co/GpSBT3SphL
@CVEnew
29 May 2025
483 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B3450F7-7B4A-46CE-A6E0-BBE6569F2EBF",
            "versionEndExcluding": "18.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D9C73F9-FEF4-4FC1-B83D-56566AD35990",
            "versionEndExcluding": "18.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3BD0A90-23F1-430A-8119-E14055F7E621",
            "versionEndExcluding": "15.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E82603D7-A630-4B9B-9C51-880667F05EC7",
            "versionEndExcluding": "2.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]