CVE-2025-65831

High CVSS: 7.5

The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade attacks on the traffic from a mobile device, or through another means, they may be able to crack the hash in a reasonable amount of time and gain unauthorized access to the victim's account.

Vendor

Meatmeet

Product

Meatmeet

CWE

CWE-327

Yayın Tarihi

2025-12-10 21:16:08

Güncelleme

2025-12-30 18:40:54

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-327 Meatmeet HIGH Meatmeet 2025

Referanslar

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-lack-of-certificate-pinning-md https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-Application/Insecure-Algorithm.md

Benzer Kayıtlar

Medium

CVE-2025-65832

The mobile application insecurely handles information stored within memory. By performing a memory dump on the applicati…

Critical

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was d…

High

CVE-2025-65824

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmw…

Medium

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet devi…

Critical

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retri…

Critical

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over…