Login Sign Up

CVE-2025-25330

5.5 MEDIUM

📋 TL;DR

This vulnerability in Boohee Health iOS app allows attackers to access sensitive user information by tricking users into clicking a maliciously crafted link. It affects users of Boohee Health iOS app version 13.0.13. The issue stems from improper handling of URL schemes or deep links.

💻 Affected Systems

Products:
  • Boohee Technology Boohee Health iOS app
Versions: 13.0.13
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects iOS version of the app. Requires user interaction (clicking malicious link).

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could exfiltrate sensitive personal health data, authentication tokens, or private user information stored within the app.

🟠

Likely Case

Targeted phishing campaigns could steal user session data or personal information through malicious links.

🟢

If Mitigated

With proper URL validation and sandboxing, impact would be limited to non-sensitive app data.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user to click malicious link. Public proof-of-concept available in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

1. Monitor Boohee Technology for security updates. 2. Update app through Apple App Store when patch becomes available. 3. No restart required for app updates.

🔧 Temporary Workarounds

Disable app URL schemes

ios

Prevent app from handling custom URL schemes through iOS restrictions

User education

all

Train users not to click untrusted links, especially those claiming to be from Boohee Health

🧯 If You Can't Patch

  • Restrict app permissions to minimum required functionality
  • Implement network monitoring for suspicious data exfiltration from the app

🔍 How to Verify

Check if Vulnerable:

Check app version in iOS Settings > General > iPhone Storage > Boohee Health

Check Version:

Not applicable - check through iOS Settings

Verify Fix Applied:

Verify app version is newer than 13.0.13 after update

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL scheme activations
  • Sensitive data access from unexpected sources

Network Indicators:

  • Unexpected outbound connections after clicking links
  • Data exfiltration patterns

SIEM Query:

Not applicable for mobile app vulnerability

📊 Metadata

CVE ID: CVE-2025-25330
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE: CWE-84
EPSS Score: 0.03% exploit probability (7.7th percentile)
Published: February 27, 2025
Last Updated: February 28, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-25330, you might also want to check these:

CVE-2024-52890 6.1

This CVE describes a cross-site scripting (XSS) vulnerability in IBM Engineering Lifecycle Optimizat...

Same vulnerability type (CWE-84)
CVE-2025-25323 5.5

This vulnerability in the 51Job iOS app allows attackers to access sensitive user information by tri...

Same vulnerability type (CWE-84)
CVE-2025-25325 5.5

This vulnerability in YuPao DirectHire iOS app allows attackers to access sensitive user information...

Same vulnerability type (CWE-84)