CVE-2025-65827

Critical CVSS: 9.1

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise of the user's account if the attacker intercepts a request with active authentication tokens or cracks the MD5 hash sent on login.

Vendor

Meatmeet

Product

Meatmeet

CWE

CWE-319

Yayın Tarihi

2025-12-10 21:16:08

Güncelleme

2025-12-30 19:09:32

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-319 Meatmeet CRITICAL Meatmeet 2025

Referanslar

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-clear-text-traffic-enabled-md https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-Application/Clear-Text-Traffic-Enabled.md

Benzer Kayıtlar

Medium

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the applicati…

Critical

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was d…

High

CVE-2025-65824

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmw…

Medium

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet devi…

Critical

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retri…

Medium

CVE-2025-65828

An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy…