CVE-2025-65832

Medium CVSS: 4.6

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. As a result, an attacker with physical access to the device of a victim can retrieve this information and gain unauthorized access to their home Wi-Fi network and Meatmeet account.

Vendor

Meatmeet

Product

Meatmeet

CWE

CWE-316

Yayın Tarihi

2025-12-10 21:16:09

Güncelleme

2026-01-06 14:34:03

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-316 Meatmeet MEDIUM Meatmeet 2025

Referanslar

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-sensitive-information-stored-in-memory-md https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-Application/Sensitive%20Information-Stored-in-Memory.md

Benzer Kayıtlar

Critical

CVE-2025-65823

The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was d…

High

CVE-2025-65824

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmw…

Medium

CVE-2025-65825

The firmware on the basestation of the Meatmeet is not encrypted. An adversary with physical access to the Meatmeet devi…

Critical

CVE-2025-65826

The mobile application was found to contain stored credentials for the network it was developed on. If an attacker retri…

Critical

CVE-2025-65827

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over…

Medium

CVE-2025-65828

An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy…