Listen to this Post
How the CVE Works
CVE-2025-31225 is a privacy flaw in iOS/iPadOS where deleted app call history remains accessible via Spotlight Search due to improper data sanitization. When an app is uninstalled, its call logs should be purged from all system indexes, but Spotlight fails to update its cached search results, exposing residual metadata. Attackers with physical access could exploit this to recover sensitive call information. The vulnerability stems from an incomplete cleanup routine in the CoreSpotlight service, leaving traces in the system’s search database.
DailyCVE Form
Platform: iOS/iPadOS
Version: <18.5
Vulnerability: Residual call history leakage
Severity: Medium
Date: 05/27/2025
Prediction: Patch expected by 06/10/2025
What Undercode Say:
Analytics:
- Exploitability: Low (requires physical access)
- Prevalence: Moderate (affects devices with third-party call apps)
- Mitigation: Disable Spotlight for Call History until patch.
Commands:
1. Check Spotlight indexing status:
mdutil -a -s
2. Temporarily disable call history indexing:
mdimport -n /System/Library/Spotlight/CallHistory.mdimporter
Exploit PoC (Theoretical):
let query = CSSearchQuery(queryString: "kMDItemCallHistory", attributes: nil)
query.foundItemsHandler = { items in
print("Leaked call logs: (items)")
}
query.start()
Protection Code (Swift):
import CoreSpotlight
CSSearchableIndex.default().deleteSearchableItems(withDomainIdentifiers: ["com.apple.calls"]) { error in
if let error = error { print("Purge failed: (error)") }
}
Mitigation Steps:
1. Update to iOS 18.5+.
2. Manually clear Spotlight cache:
sudo mdutil -E /
3. Audit third-party call apps for data retention.
Log Monitoring:
log stream --predicate 'eventMessage CONTAINS "CoreSpotlight"'
References:
- Apple Security Advisory: [ASA-2025-XXX]
- CVE Database: https://nvd.nist.gov/vuln/detail/CVE-2025-31225
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

