CRITICAL🇵🇱 Wersja polska

CVE-2025-65820

CVSS 9.8v3.1pub. 2025-12-10upd. 2025-12-17

An issue was discovered in Meatmeet Android Mobile Application 1.1.2.0. An exported activity can be spawned with the mobile application which opens a hidden page. This page, which is not available through the normal flows of the application, contains several devices which can be added to your account, two of which have not been publicly released. As a result of this vulnerability, the attacker can gain insight into unreleased Meatmeet devices.

🤖 AI Analysis
How it works

The application exports Android activities in a manner accessible to external applications without appropriate permission restrictions. An attacker can directly spawn this activity from another application or using ADB tools, bypassing normal application navigation flows. Executing this activity opens a hidden page that is not accessible through the standard user interface, which contains a list of devices that can be added to an account — including two devices not yet publicly announced.

Impact

An attacker can gain access to confidential business information regarding unreleased Meatmeet devices, which may lead to disclosure of the company's product plans before their official release.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. The manufacturer should restrict the export of the vulnerable activity by setting the android:exported="false" attribute or implementing appropriate permissions (permission) protecting access to this component.

Who is affected

Meatmeet Android Mobile Application version 1.1.2.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Meatmeet

    APP
    Meatmeet
    1.1.2.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-65826CRITICAL9.8PL ✓ten sam produkt

Hardcoded credentials w aplikacji mobilnej Meatmeet

CVE-2025-65827CRITICAL9.1PL ✓ten sam produkt

Meatmeet – transmisja danych w czystym tekście (HTTP), przechwycenie tokenów uwierzytelniania

CVE-2025-65830CRITICAL9.1PL ✓ten sam produkt

Brak walidacji certyfikatu TLS w aplikacji mobilnej Meatmeet

CVE-2025-65831HIGH7.5ten sam produkt

The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of ...

CVE-2025-65832MEDIUM4.6ten sam produkt

The mobile application insecurely handles information stored within memory. By performing a memory dump on the...