Privacy Issue in Apple Products Affecting Location Data
CVE-2025-31220

5.5MEDIUM

Key Information:

Vendor

Apple

Vendor
CVE Published:
12 May 2025

What is CVE-2025-31220?

A privacy issue has been identified in Apple products where a malicious app could potentially exploit vulnerabilities to read sensitive location information. This flaw, affecting various versions of iPadOS and macOS, has been addressed by implementing measures to remove sensitive data from unauthorized access. Users are encouraged to update their devices to the latest versions to mitigate the risk.

Affected Version(s)

iPadOS < 17.7

macOS < 15.5

macOS < 14.7

References

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-31220 : Privacy Issue in Apple Products Affecting Location Data