PatchSiren cyber security CVE debrief

CVE-2025-46313 Apple CVE debrief

CVE-2025-46313 is a medium-severity vulnerability (CVSS Score: 5.5) that was publicly disclosed on 2026-06-11T19:16:34.603Z and last modified on 2026-06-12T22:16:47.890Z. The vulnerability is related to a logging issue that was addressed with improved data redaction in macOS Tahoe 26.1. According to the CVE description, an app may be able to access sensitive user data due to this issue. The CVE record can be found at [cve-org](https://www.cve.org/CVERecord?id=CVE-2025-46313). For more information, refer to the NVD detail page at [nvd](https://nvd.nist.gov/vuln/detail/CVE-2025-46313). Apple has also provided a support page at [ref-4](https://support.apple.com/en-us/125634) that may be relevant to this issue.

Vendor: Apple
Product: macOS
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-11
Original CVE updated: 2026-06-12
Advisory published: 2026-06-11
Advisory updated: 2026-06-12

Who should care

Users of macOS Tahoe 26.1 and administrators responsible for maintaining systems with this operating system should be aware of this vulnerability and take necessary precautions to mitigate potential risks.

Technical summary

The vulnerability is caused by a logging issue that was not properly redacting sensitive user data. This issue has been fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data due to this issue.

Defensive priority

MEDIUM

Recommended defensive actions

Apply the patch: Update to macOS Tahoe 26.1 or later.
Review and monitor app activity: Ensure that apps are not accessing sensitive user data without proper authorization.

Evidence notes

The vendor is currently listed as 'Unknown Vendor', but there is evidence suggesting that the vendor may be Apple.

Official resources

CVE-2025-46313 was publicly disclosed on 2026-06-11T19:16:34.603Z and last modified on 2026-06-12T22:16:47.890Z.