CVE-2025-30424: 
macOS vulnerability analysis and mitigation

CVE-2025-30424 is a logging vulnerability discovered in Apple's macOS operating systems that affects the Photos Storage component. The vulnerability was disclosed on March 31, 2025, and affects multiple versions of macOS including Ventura (versions up to 13.7.5), Sonoma (versions up to 14.7.5), and Sequoia (versions up to 15.4). The issue occurs when deleting a conversation in Messages, which may expose user contact information in system logging (NVD).

The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). It has received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a critical severity level. The technical root cause was identified as a logging issue in the Photos Storage component that inadequately handled data redaction when conversations were deleted in Messages (NVD).

The vulnerability allows exposure of user contact information in system logging when a conversation is deleted in Messages. This could potentially lead to unauthorized access to sensitive user contact data, compromising user privacy (Apple Support).

Apple has addressed this vulnerability by improving data redaction in the affected components. The fix is available in macOS Ventura 13.7.5, macOS Sequoia 15.4, and macOS Sonoma 14.7.5. Users are advised to update their systems to these versions or later to mitigate the risk (Apple Support).