CVE-2025-51497: n/a
An issue was discovered in AdGuard plugin before 1.11.22 for Safari on macOS. AdGuard verbosely logged each URL that Safari accessed when the plugin was active. These logs went into the macOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22.
AI Analysis
Technical Summary
CVE-2025-51497 is a medium-severity vulnerability affecting versions of the AdGuard plugin for Safari on macOS prior to 1.11.22. The issue arises from the plugin's verbose logging behavior, where every URL accessed by Safari while the plugin is active is recorded in the macOS general logs. These logs are accessible to any unsandboxed process on the system, potentially exposing sensitive browsing information to unauthorized local users or malicious software. The vulnerability is categorized under CWE-532, which relates to information exposure through log files. The CVSS v3.1 base score is 5.5, reflecting a local attack vector with low attack complexity, requiring low privileges but no user interaction. The impact primarily concerns confidentiality, as the URLs visited by the user could contain sensitive information such as private browsing habits, session tokens embedded in URLs, or access to confidential web resources. Integrity and availability are not impacted. The requirement for local access with some privileges limits remote exploitation. Although no known exploits are reported in the wild, the exposure of browsing data in system logs represents a privacy risk and could facilitate further targeted attacks if combined with other vulnerabilities or malware. The issue is addressed by disabling verbose URL logging in AdGuard version 1.11.22 and later.
Potential Impact
For European organizations, this vulnerability poses a privacy and confidentiality risk, especially for employees or users handling sensitive or regulated data through Safari on macOS devices with the vulnerable AdGuard plugin installed. Exposure of browsing URLs could lead to leakage of confidential business information, intellectual property, or personally identifiable information (PII), potentially violating GDPR requirements on data protection and privacy. Attackers with local access could leverage this information for social engineering or lateral movement within corporate networks. Organizations with macOS endpoints using Safari and AdGuard are at risk of internal data leakage. While the vulnerability does not allow remote exploitation, insider threats or malware with local privileges could exploit it. This risk is particularly relevant for sectors with high privacy requirements such as finance, healthcare, legal, and government institutions within Europe.
Mitigation Recommendations
European organizations should ensure that all macOS endpoints running Safari have the AdGuard plugin updated to version 1.11.22 or later, where verbose URL logging is disabled. Endpoint management solutions should be used to enforce this update and verify plugin versions. Additionally, organizations should audit local log access permissions to restrict unsandboxed processes from reading general system logs. Implementing strict endpoint security controls, including application whitelisting and privilege management, can reduce the risk of unauthorized local access. Monitoring for unusual local process behavior that attempts to read system logs may help detect exploitation attempts. User awareness training should emphasize the risks of installing unverified plugins and the importance of timely updates. Finally, organizations should review their logging policies to avoid unnecessary exposure of sensitive information in logs.
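An added example (not code from AdGuard or from this advisory) of the log review recommended above: it scans exported log text for full URLs, attributes them to the logging process, and reports them in redacted form so the audit output does not repeat the exposure. The sample lines, the process names and the `name[pid]:` layout are constructed assumptions, not AdGuard's actual log format.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines; the process names and line layout are assumptions
# made for this example, not AdGuard's real log format.
SAMPLE_LOG = """\
2025-07-17 17:31:11.102 ExampleExtension[412]: request url=https://bank.example/login?session_token=abc123&lang=en
2025-07-17 17:31:12.554 ExampleExtension[412]: request url=https://intranet.example/hr/salaries/2025.pdf
2025-07-17 17:31:13.001 OtherDaemon[77]: cache refreshed, 14 entries
2025-07-17 17:31:14.870 ExampleExtension[412]: request url=https://user:pw@files.example/share?id=9
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
PROC_RE = re.compile(r"\s(\S+?)\[\d+\]:")  # "name[pid]:" prefix (assumed layout)
SENSITIVE_KEYS = {"token", "session_token", "access_token", "sid", "key", "code", "password"}


def redact_url(url):
    """Keep scheme and host only; path, query and userinfo are dropped."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname or 'unknown-host'}/<redacted>"


def audit_log_lines(text):
    """Return (per-process URL counts, list of (process, redacted URL, reasons))."""
    counts, findings = Counter(), []
    for line in text.splitlines():
        proc_match = PROC_RE.search(line)
        proc = proc_match.group(1) if proc_match else "unknown"
        for url in URL_RE.findall(line):
            parts = urlsplit(url)
            keys = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
            reasons = []
            if keys & SENSITIVE_KEYS:
                reasons.append("credential-like query parameter")
            if parts.username or parts.password:
                reasons.append("userinfo in URL")
            counts[proc] += 1
            findings.append((proc, redact_url(url), reasons))
    return counts, findings


if __name__ == "__main__":
    counts, findings = audit_log_lines(SAMPLE_LOG)
    for proc, url, reasons in findings:
        print(proc, url, "; ".join(reasons) or "full URL logged")
    print(dict(counts))
```

A process with a non-zero count is writing full URLs to the log; entries with reasons attached are the ones most likely to carry credentials.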
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Belgium, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6879335fa83201eaace7af2a
Added to database: 7/17/2025, 5:31:11 PM
Last enriched: 7/25/2025, 12:36:23 AM
Last updated: 8/25/2025, 10:49:09 AM