CVE-2025-65830

Critical CVSS: 9.1

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if the attacker intercepts a request with active authentication tokens or cracks the MD5 hash sent on login.

Vendor

Meatmeet

Product

Meatmeet

CWE

CWE-295

Yayın Tarihi

2025-12-10 21:16:08

Güncelleme

2025-12-30 18:46:13

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-295 Meatmeet CRITICAL Meatmeet 2025

Referanslar

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-lack-of-certificate-pinning-md https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-Application/Lack-of-Certificate-Pinning.md

Benzer Kayıtlar

Medium

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the applicati…

Critical

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was d…

High

CVE-2025-65824

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmw…

Medium

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet devi…

Critical

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retri…

Critical

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over…