CVE-2025-5009: In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable pub
lowvulnerabilityLLM-Specific
securityprivacy
Summary
CVE-2025-5009 is a privacy bug in Google's Gemini iOS app where sharing a snippet of a conversation accidentally shared the entire conversation history through a public link instead of just the selected part. This exposed users' full conversation data, including private information they didn't intend to share.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Type
PII Leakage
Attack SophisticationTrivial
Impact (CIA+S)
confidentiality
AI Component TargetedAPI
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Google
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-5009
First tracked: February 15, 2026 at 08:51 PM
Classified by LLM (prompt v3) · confidence: 95%