CVE-2025-51497

5.5 MEDIUM

📋 TL;DR

The AdGuard Safari plugin before version 1.11.22 logged every URL accessed by Safari into macOS system logs, which were readable by any unsandboxed process. This exposed users' browsing history to local attackers or malicious software. Only macOS users with the vulnerable AdGuard Safari plugin are affected.

💻 Affected Systems

Products:
  • AdGuard for Safari
Versions: All versions before 1.11.22
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Safari browser plugin on macOS. Requires plugin to be active and logging enabled (default).

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local access or malware could extract complete browsing history including sensitive sites (banking, healthcare, private communications), enabling profiling, blackmail, or credential theft.

🟠 Likely Case

Malware or other local processes could silently collect browsing patterns and visited URLs for advertising, tracking, or reconnaissance purposes.

🟢 If Mitigated

With proper access controls and updated software, the logs would not contain URL data or would be inaccessible to unauthorized processes.

🌐 Internet-Facing: LOW - This is a local information disclosure vulnerability requiring local access or malware.
🏢 Internal Only: MEDIUM - On shared or compromised systems, local users or malware could exploit this to gather sensitive browsing data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access or malware that can read system logs. No authentication bypass needed beyond local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.11.22

Vendor Advisory: https://adguard.com/en/adguard-safari/overview.html

Restart Required: Yes

Instructions:

1. Open Safari.
2. Go to Safari Extensions.
3. Find AdGuard.
4. Check for updates or manually update to 1.11.22+.
5. Restart Safari.

🔧 Temporary Workarounds

Disable AdGuard logging

all

Turn off verbose logging in AdGuard settings if available in older versions

Restrict log access

linux

Set stricter permissions on macOS system logs to prevent unauthorized reading

sudo chmod 640 /var/log/system.log
sudo chmod 640 /var/log/*.log

🧯 If You Can't Patch

  • Uninstall AdGuard for Safari plugin
  • Use alternative ad-blocking solutions

🔍 How to Verify

Check if Vulnerable:

Check the AdGuard version in Safari extensions. If the version is < 1.11.22, check system logs for URL entries:

grep -iE 'adguard|url' /var/log/system.log

Check Version:

Safari → Extensions → AdGuard → Version info

Verify Fix Applied:

Update to 1.11.22+, restart Safari, then browse and verify that no URLs are logged in the system logs afterwards.

📡 Detection & Monitoring

Log Indicators:

  • URL entries in macOS system logs from AdGuard process
  • Excessive logging of web requests

SIEM Query:

source="system.log" AND process="AdGuard" AND (url OR http OR https)
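
An added example, not from this advisory or from AdGuard: a shell check for the log indicator and the verify-fix step above, run over a text log in the classic syslog layout. The sample lines and their "request <url>" message text are constructed, since the page does not show the real AdGuard log format, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in classic syslog layout. The real AdGuard message
# text is not shown on the page; these lines are assumptions.
sample_log() {
cat <<'EOF'
Jan 10 09:14:02 mac AdGuard[612]: request https://bank.example/login?id=1
Jan 10 09:14:05 mac AdGuard[612]: filter list updated
Jan 10 09:14:09 mac Safari[598]: opened http://news.example/
Jan 10 09:15:30 mac AdGuard[612]: request http://clinic.example/results
Jan 10 09:40:00 mac AdGuard[701]: request https://bank.example/account
EOF
}

# Print one hostname per URL found in lines whose process name contains
# "AdGuard". Only the host is emitted so the report does not copy full URLs.
adguard_url_hits() {
  awk '{
    i = index($0, "]: ")                 # end of "proc[pid]"
    if (i == 0) next
    head = substr($0, 1, i); msg = substr($0, i + 3)
    # Drop "Mon DD HH:MM:SS host " so only the process tag is tested.
    sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +/, "", head)
    if (index(tolower(head), "adguard") == 0) next
    while (match(msg, "https?://[^/ ?#]+")) {
      host = substr(msg, RSTART, RLENGTH)
      sub("^https?://", "", host)
      print tolower(host)
      msg = substr(msg, RSTART + RLENGTH)
    }
  }' "$1"
}

adguard_url_count() { adguard_url_hits "$1" | wc -l | tr -d ' '; }
adguard_url_hosts() { adguard_url_hits "$1" | sort -u; }

# Exit status 0 when no AdGuard line carries a URL (the fixed behaviour).
verify_fix() { [ "$(adguard_url_count "$1")" -eq 0 ]; }

# Demo: scan the file given as $1, or the constructed sample when absent.
log=${1:-}
if [ -z "$log" ]; then log=$(mktemp); sample_log > "$log"; fi
echo "URL-bearing AdGuard entries: $(adguard_url_count "$log")"
adguard_url_hosts "$log"
if verify_fix "$log"; then echo "no URL logging seen"; else echo "URL logging present"; fi
```

Pass a log file path as the first argument to scan it instead of the constructed sample.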
