CVE-2025-31199

Published May 29, 2025

Last updated 4 months ago

CVSS medium 5.5
iPadOS
iOS
macOS
visionOS
Sploitlight

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-31199 is a logging issue through which an application might access sensitive user data. It arises from a failure to properly redact sensitive information in system logs. Dubbed "Sploitlight" by Microsoft, the vulnerability involves exploitation of macOS's Spotlight search feature and its plugin system. By injecting crafted plugins or manipulating existing ones, an attacker could circumvent Transparency, Consent, and Control (TCC) barriers, potentially reading data from files that should remain inaccessible. The issue is fixed in iOS 18.4, iPadOS 18.4, visionOS 2.4, and macOS Sequoia 15.4.

Description: A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
Source: product-security@apple.com
NVD status: Analyzed
Products: ipados, iphone_os, macos, visionos

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-532

Social media

Hype score
Not currently trending
  1. #VulnerabilityReport #AppleIntelligence Microsoft Uncovers “Sploitlight”: macOS Flaw (CVE-2025-31199) Bypasses TCC, Leaking Apple Intelligence Data https://t.co/NsKov0Q7lr

    @Komodosec

    3 Sept 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Risk of macOS vulnerability CVE-2025-31199 leaking confidential information https://t.co/Mi1r47P6lJ #Security #セキュリティ #ニュース

    @SecureShield_

    30 Jul 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. macOS Sploitlight flaw leaks Apple Intelligence data Microsoft researchers uncovered a macOS vulnerability (CVE-2025-31199), dubbed "Sploitlight," that allows attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework via Spotlight plugins. Patched in macOS

    @dCypherIO

    29 Jul 2025

    65 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. According to a Microsoft report, a serious macOS vulnerability called "Sploitlight" (CVE-2025-31199) has been revealed. It abuses Spotlight plugins (.mdimporter) to bypass TCC protections and obtain users' sensitive data

    @yousukezan

    29 Jul 2025

    2025 Impressions

    4 Retweets

    15 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

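  5. 🔍 Practitioners are uneasy about the current situation in which threat intelligence data is overflowing and cannot be fully utilized ⚠️ Microsoft warns: exploitation of the macOS vulnerability "Sploitlight" could leak data from Apple Intelligence (CVE-2025-31199)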

    @MachinaRecord

    29 Jul 2025

    280 Impressions

    1 Retweet

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  6. Sploitlight exploits (CVE-2025-31199) the privileged access of Spotlight plugins, enabling attackers to extract sensitive information from caches utilized by Apple Intelligence. https://t.co/k6Kg9ms4gD https://t.co/jtNZgYsDjr

    @blackorbird

    29 Jul 2025

    1463 Impressions

    0 Retweets

    4 Likes

    3 Bookmarks

    1 Reply

    0 Quotes

  7. Microsoft has discovered a vulnerability in macOS, tracked as CVE-2025-31199, that could allow attackers to steal private data. After identifying the bypass technique, the findings were reported to Apple. #Ciberseguridad 🔍 @grok

    @FinanzasMiloX

    28 Jul 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Microsoft Threat Intelligence has uncovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data from files. We have disclosed our findings to Apple after discovering the bypass technique. #CyberSecurity @grok

    @CryptoMilox

    28 Jul 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. $MSFT $AAPL MICROSOFT THREAT INTELLIGENCE: UNCOVERED A MACOS VULNERABILITY, TRACKED AS CVE-2025-31199, THAT COULD ALLOW ATTACKERS TO STEAL PRIVATE DATA OF FILES AFTER DISCOVERING THE BYPASS TECHNIQUE, WE DISCLOSED OUR FINDINGS TO APPLE

    @tenet_research

    28 Jul 2025

    873 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    3 Replies

    0 Quotes

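  10. 🚨 Breaking: Microsoft discovers macOS security vulnerability CVE-2025-31199 and reports it to Apple Microsoft's threat intelligence team has discovered a vulnerability (CVE-2025-31199) in macOS that could allow data to be stolen from sensitive files. This vulnerability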

    @ryudung2

    28 Jul 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. $MSFT $AAPL 🔹Microsoft Threat Intelligence: Uncovered A Macos Vulnerability, Tracked As CVE-2025-31199, That Could Allow Attackers To Steal Private Data Of Files 🔹Says After Discovering The Bypass Technique, We Disclosed Our Findings To Apple 🔹Says Apple Released A Fix

    @CHItraders

    28 Jul 2025

    249 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨🔐 $MSFT Microsoft has detected a serious security vulnerability in macOS! 🧠 The threat intelligence team announced that a flaw tracked as CVE-2025-31199 gives attackers the ability to steal private data. 🍏 The flaw, to the BYPASS of macOS security mechanisms

    @ILKERFIRENZE

    28 Jul 2025

    124 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Microsoft and Apple Released Fix for CVE-2025-31199 Vulnerability

    @FirstSquawk

    28 Jul 2025

    8955 Impressions

    1 Retweet

    8 Likes

    0 Bookmarks

    3 Replies

    0 Quotes

  14. Microsoft Threat Intelligence Discovers a macOS Vulnerability, CVE-2025-31199, That Could Enable Attackers To Steal Private Files

    @FirstSquawk

    28 Jul 2025

    9022 Impressions

    4 Retweets

    7 Likes

    1 Bookmark

    5 Replies

    0 Quotes

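  15. ⚡ Breaking: Microsoft discovers macOS vulnerability… warns of information leak risk Microsoft's threat intelligence team has discovered a vulnerability in macOS tracked as "CVE-2025-31199". This vulnerability allows attackers to steal private data from files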

    @inyeob_kim

    28 Jul 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. MICROSOFT THREAT INTELLIGENCE: MACOS VULNERABILITY CVE-2025-31199 COULD EXPOSE PRIVATE FILE DATA TO ATTACKERS Microsoft has discovered a macOS security flaw — CVE-2025-31199 — that could allow malicious actors to steal private file data from targeted systems.

    @FirstSquawk

    28 Jul 2025

    9162 Impressions

    3 Retweets

    9 Likes

    2 Bookmarks

    3 Replies

    1 Quote

  17. MICROSOFT - APPLE RELEASED A FIX FOR THIS VULNERABILITY, NOW IDENTIFIED AS CVE-2025-31199 $MSFT $AAPL

    @finsquawk_

    28 Jul 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. MICROSOFT THREAT INTELLIGENCE: UNCOVERED A MACOS VULNERABILITY, TRACKED AS CVE-2025-31199, THAT COULD ALLOW ATTACKERS TO STEAL PRIVATE DATA OF FILES $MSFT $AAPL

    @finsquawk_

    28 Jul 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. MICROSOFT THREAT INTELLIGENCE: UNCOVERED A MACOS VULNERABILITY, TRACKED AS CVE-2025-31199, THAT COULD ALLOW ATTACKERS TO STEAL PRIVATE DATA OF FILES

    @faststocknewss

    28 Jul 2025

    6047 Impressions

    1 Retweet

    15 Likes

    0 Bookmarks

    5 Replies

    0 Quotes

  20. Microsoft Threat Intelligence uncovered a macOS vulnerability, tracked as CVE-2025-31199, that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), such as caches used by Apple Intelligence. https://t.co/RItmoVgnHZ

    @MsftSecIntel

    28 Jul 2025

    67051 Impressions

    52 Retweets

    155 Likes

    60 Bookmarks

    7 Replies

    7 Quotes

  21. CVE-2025-31199 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to a… https://t.co/GpSBT3SphL

    @CVEnew

    29 May 2025

    483 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations