CVE-2025-64304

4.0 MEDIUM

📋 TL;DR

The 'FOD' app for Android and iOS embeds hard-coded cryptographic keys. Because the keys ship inside the application package, anyone with a copy of the app (from a device it is installed on, or from the downloaded package) can extract them without authenticating and then decrypt any data the app protects with those keys, or misuse any other operation whose security rests on the keys staying secret. Users who have not installed the vendor's security update are affected.

💻 Affected Systems

Products:
  • FOD app
Versions: All builds prior to the vendor's security update (exact version numbers are not listed in the CVE entry)
Operating Systems: Android, iOS
Default Config Vulnerable: ⚠️ Yes (the keys ship inside every copy of the app)
Notes: Affects the mobile applications only. The attack vector is local: an attacker needs a copy of the app package or access to a device it is installed on, not network access to the device.

⚠️ Manual Verification Required

This CVE has no version information in our database, because the CVE entry does not specify which versions are vulnerable (no version ranges were provided by the vendor or NVD), so automatic vulnerability detection cannot determine whether your installation is affected.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers recover the embedded keys and decrypt any data the app protects with them, such as locally cached content or stored credentials; if the same keys also provide integrity protection, that protected data can be forged or tampered with as well.

🟠 Likely Case

An attacker with a copy of the app package extracts the keys and uses them to decrypt locally stored data or to bypass app-side controls that rely on the keys staying secret.

🟢 If Mitigated

Once the updated build is installed, exposure is limited to data that was encrypted under the hard-coded keys before patching. Network segmentation and device access controls do not reduce this, because the keys are recoverable from any copy of the vulnerable app, not only from devices you control.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The attack vector is local: an attacker needs a copy of the app package or access to a device it is installed on, and recovers the keys offline. The keys cannot be obtained by attacking a device over the network, but once extracted they work against every installation of the vulnerable build, because each copy carries the same keys.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed build distributed through the app stores; see the vendor advisory for the exact version number

Vendor Advisory: https://help.fod.fujitv.co.jp/hc/ja/articles/48337068747033

Restart Required: Yes

Instructions:

  1. Open the app store (Google Play or the Apple App Store).
  2. Search for the 'FOD' app.
  3. Tap 'Update' if an update is offered.
  4. Restart the app after the update completes.

🔧 Temporary Workarounds

Restrict local access (all platforms)

Device lock, storage encryption and MDM policies raise the cost of pulling the app and its data off a specific device. They do not protect the keys themselves, which are recoverable from any copy of the app package.

Network segmentation (all platforms)

Isolating devices that run the vulnerable build from sensitive network resources limits what an attacker who has compromised such a device can reach. It does not prevent key extraction, so treat it as defence in depth, not as a fix.

🧯 If You Can't Patch

  • Restrict physical access to devices running vulnerable app versions
  • Monitor for unusual app behavior or unauthorized data access attempts

🔍 How to Verify

Check if Vulnerable:

Compare the installed app version with the current version in the app store; any build older than the one named in the vendor advisory is vulnerable.

Check Version:

Android: Settings > Apps > FOD shows the installed version. iOS: Settings > General > iPhone Storage > FOD. (Menu paths are for stock Android and iOS and vary by device and OS version.)

Verify Fix Applied:

Confirm the installed version matches or exceeds the patched version given in the vendor advisory. Updating does not retroactively protect data that was already encrypted under the old keys.
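A version check tells you whether a build is patched, not whether it still embeds key material. The following Python script is an added example, not code from the FOD app or its vendor: it scans decompiled source (for example jadx output) or a `strings` dump of a binary for key-sized literals that are either assigned to key-like identifiers or have the entropy of random key material. `SAMPLE_SOURCE` is a constructed Java-like snippet with fictitious values, and the identifier tokens and entropy thresholds are the author's heuristics, not anything from the advisory.

```python
"""Heuristic scanner for hard-coded symmetric keys and IVs in decompiled
mobile-app source (e.g. jadx output) or a `strings` dump of the binary.

Added example for this page; it is not code from the FOD app or its
vendor. SAMPLE_SOURCE is a constructed, Java-like snippet with
fictitious values; no real key material is included.
"""
import base64
import math
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Decoded lengths that are plausible AES keys (128/192/256-bit) or a 16-byte IV.
KEY_BYTE_LENGTHS = {16, 24, 32}

# Identifier tokens that suggest the literal is key material (heuristic list).
KEYISH_TOKENS = {"key", "secret", "iv", "aes", "hmac", "passphrase", "salt", "nonce"}

# Minimum Shannon entropy (bits/char) before a literal with a non-key-like
# name is reported. Maximum possible: 4.0 for hex, 6.0 for base64, ~6.5 for ASCII.
ENTROPY_THRESHOLD = {"hex": 3.0, "base64": 4.5, "raw": 3.9}

# A double-quoted literal of 8+ chars, optionally preceded by `identifier =`.
LITERAL_RE = re.compile(r'(?:(?P<name>[A-Za-z_][A-Za-z0-9_]*)\s*=\s*)?"(?P<lit>[^"\\]{8,})"')
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


@dataclass(frozen=True)
class Finding:
    line_no: int
    name: Optional[str]   # assigned identifier, if the literal had one
    encoding: str         # "hex", "base64" or "raw"
    key_bytes: int        # decoded length in bytes
    entropy: float        # bits per character of the literal
    literal: str


def shannon_entropy(s: str) -> float:
    """Shannon entropy of the literal in bits per character."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def name_tokens(name: str) -> set:
    """Split snake_case / camelCase identifiers into lowercase tokens."""
    spaced = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", name).replace("_", " ")
    return {tok.lower() for tok in spaced.split()}


def decode_candidate(lit: str) -> Tuple[str, int]:
    """Classify the literal's encoding and return its decoded byte length.
    Hex is tested first, so a base64 string made only of hex digits is
    reported as hex (an accepted limitation of the heuristic)."""
    if HEX_RE.match(lit) and len(lit) % 2 == 0:
        return "hex", len(lit) // 2
    if B64_RE.match(lit) and len(lit) % 4 == 0:
        try:
            return "base64", len(base64.b64decode(lit, validate=True))
        except ValueError:      # binascii.Error is a ValueError subclass
            pass
    return "raw", len(lit.encode("utf-8"))


def scan_source(text: str) -> List[Finding]:
    """Report key-sized literals that are either assigned to a key-like
    identifier or have entropy consistent with random key material."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in LITERAL_RE.finditer(line):
            name, lit = m.group("name"), m.group("lit")
            encoding, nbytes = decode_candidate(lit)
            if nbytes not in KEY_BYTE_LENGTHS:
                continue
            ent = shannon_entropy(lit)
            keyish = bool(name) and bool(name_tokens(name) & KEYISH_TOKENS)
            if keyish or ent >= ENTROPY_THRESHOLD[encoding]:
                findings.append(Finding(line_no, name, encoding, nbytes, round(ent, 2), lit))
    return findings


# Constructed input: decompiled-Java-style source with fictitious values.
SAMPLE_SOURCE = """\
package jp.example.player.crypto;

public final class LegacyCipher {
    private static final String TAG = "LegacyCipher";
    private static final String API_BASE = "https://api.example.invalid/v2/";
    private static final String AES_KEY = "3f1a9c4be27d8056a1b2c3d4e5f60718";
    private static final String IV = "Zm9kLWZpeGVkLWl2LTAwMQ==";
    private static final String b = "Kp7sQ2vX9mL4nR8tW1yZ3aB6cD0eF5gH";
    private static final int TIMEOUT_MS = 3000;
}
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.name or '<unnamed>'} = {f.encoding} literal, "
              f"{f.key_bytes} bytes, entropy {f.entropy}")
```

Run it over the decompiled output of the build you are assessing and review each finding by hand: the identifier check catches obvious names like `AES_KEY` and `IV`, while the entropy threshold is what catches the obfuscated `b` above at the cost of some false positives. A literal is only a candidate until you see it fed into a cipher or MAC call.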

📡 Detection & Monitoring

Key extraction happens offline against a copy of the app and produces no telemetry on victim devices or your network. The indicators below apply only to managed devices whose MDM or EDR agent reports app-level events, and the field and event names in the query are placeholders to map onto your own schema.

Log Indicators:

  • Unusual app access patterns
  • Repeated failed decryption attempts, where the app or platform logs them
  • Unauthorized data extraction attempts

Network Indicators:

  • Unusual data exfiltration from mobile devices
  • Suspicious local network scanning

SIEM Query (placeholder field and event names):

source="mobile_device" AND app="FOD" AND (event="unauthorized_access" OR event="crypto_key_extraction")
