CVE-2025-30424 is a critical information disclosure vulnerability in Apple macOS's Messages application. The issue arises from improper logging practices when a user deletes a conversation, where contact information is insufficiently redacted and thus recorded in system logs. This flaw violates the principle of least privilege by exposing sensitive user data to any process or user with access to system logs, potentially including malicious actors or unauthorized personnel. The vulnerability affects multiple macOS versions prior to the patched releases: macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5. The CVSS v3.1 base score is 9.8, reflecting the vulnerability's high impact on confidentiality, integrity, and availability, combined with its ease of exploitation (network attack vector, no privileges or user interaction required). The root cause is categorized under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). While no exploits have been reported in the wild yet, the vulnerability's nature makes it a prime target for attackers seeking to harvest contact information for further social engineering, phishing, or identity theft attacks. Apple addressed the issue by improving data redaction in system logging to prevent sensitive information leakage. Organizations relying on macOS devices for communication should apply the security updates promptly to avoid exposure.

The vulnerability can lead to unauthorized disclosure of user contact information, compromising user privacy and potentially enabling targeted phishing or social engineering attacks. Exposure of sensitive contact data can damage organizational reputation, lead to regulatory non-compliance (e.g., GDPR, CCPA), and facilitate lateral movement within networks if attackers leverage the information for further exploitation. Since the flaw affects system logs, any user or process with access to these logs could retrieve sensitive data, increasing the risk of insider threats or exploitation by malware. The critical CVSS score indicates that the vulnerability affects confidentiality, integrity, and availability, potentially allowing attackers to manipulate logs or disrupt system operations. Organizations with macOS endpoints, especially those in sectors handling sensitive communications such as finance, healthcare, government, and technology, face heightened risk. The lack of required authentication or user interaction lowers the barrier for exploitation, increasing the threat landscape.

1. Immediately apply the security patches released by Apple in macOS Sequoia 15.4, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5 to ensure proper data redaction in system logs. 2. Restrict access to system logs to only trusted administrators and processes, employing strict access control policies and monitoring for unusual access patterns. 3. Implement centralized log management with encryption and role-based access controls to minimize exposure of sensitive data. 4. Conduct regular audits of system logs to detect any unauthorized access or leakage of sensitive information. 5. Educate users and administrators about the risks of information disclosure and encourage prompt installation of security updates. 6. Employ endpoint detection and response (EDR) solutions to monitor for suspicious activities related to log access or manipulation. 7. Consider disabling or limiting logging of sensitive operations temporarily if patching is delayed, balancing operational needs and security risks. 8. Maintain an incident response plan that includes procedures for handling data exposure incidents involving system logs.