CVE 9.1 CRITICAL

CVE-2025-65827_CVE-2025-65827

December 11, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if the attacker intercepts a request with active authentication tokens or cracks the MD5 hash sent on login.

AI Analysis

Clear text traffic is enabled in the mobile application, allowing an adversary to intercept and modify traffic, potentially compromising user accounts.

Basic Information

ID CVE-2025-65827

Source mitre

Published Dec 10, 2025 at 00:00

Modified Dec 11, 2025 at 20:12

Affected Product

Vendor Meatmeet-Pro Developer

Product Meatmeet-Pro

Version n/a

Affected Versions n/a n/a n/a

CWE Classification

CWE-319

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Meatmeet-Pro Developer

Product Meatmeet-Pro

Version n/a

References

{
    "lastseen": "",
    "description": "The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located \"upstream\" can intercept the traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if the attacker intercepts a request with active authentication tokens or cracks the MD5 hash sent on login.",
    "published": "2025-12-10T00:00:00.000Z",
    "modified": "2025-12-11T20:12:46.296Z",
    "type": "cve",
    "title": "CVE-2025-65827",
    "source": "mitre",
    "references": "https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-Application/Clear-Text-Traffic-Enabled.md\nhttps://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-clear-text-traffic-enabled-md",
    "id": "CVE-2025-65827",
    "bulletinFamily": "",
    "cwe": [
        "CWE-319"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Meatmeet-Pro",
    "version": "n/a",
    "vendor": "Meatmeet-Pro Developer",
    "ai_description": "Clear text traffic is enabled in the mobile application, allowing an adversary to intercept and modify traffic, potentially compromising user accounts.",
    "ai_severity": "Critical",
    "ai_vendor": "Meatmeet-Pro Developer",
    "ai_product": "Meatmeet-Pro",
    "ai_version": "n/a",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply