Exposure of Confidential Information in mObywatel application_CVE-2025-11598

1 / 10

LOW

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view displayed before the application was minimized

This issue was fixed in version 4.71.0

Basic Information

ID CVE-2025-11598

Source CERT-PL

Published Feb 3, 2026 at 11:33

Affected Product

Vendor Centralny Ośrodek Informatyki

Product mObywatel

Affected Versions Centralny Ośrodek Informatyki mObywatel 0

CWE Classification

CWE-359

References

{
    "lastseen": "",
    "description": "In mObywatel iOS application\u00a0an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended (reopening the app would require the user to log in). The data exposed depends on the last application view displayed before the application was minimized\n\nThis issue was fixed in version 4.71.0",
    "published": "2026-02-03T11:33:55.993Z",
    "modified": "2026-02-03T11:33:55.993Z",
    "type": "cve",
    "title": "Exposure of Confidential Information in mObywatel application",
    "source": "CERT-PL",
    "references": "https://info.mobywatel.gov.pl/\nhttps://cert.pl/posts/2026/02/CVE-2025-11598",
    "id": "CVE-2025-11598",
    "bulletinFamily": "",
    "cwe": [
        "CWE-359"
    ],
    "cvelist": null,
    "sourceData": "Centralny O\u015brodek Informatyki mObywatel 0",
    "sourceHref": "",
    "cvss": {
        "score": 1,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "mObywatel",
    "version": "0",
    "vendor": "Centralny O\u015brodek Informatyki",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}