CVE-2025-65820

9.8 CRITICAL

📋 TL;DR

The Meatmeet Android mobile app version 1.1.2.0 contains an exported activity that can be triggered by other apps, revealing a hidden page with information about unreleased devices. This information disclosure vulnerability allows attackers to gain insight into upcoming products before public release. Only users of the affected Android app version are impacted.

💻 Affected Systems

Products:
  • Meatmeet Android Mobile Application
Versions: 1.1.2.0
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only the specific Android app version is affected. The app must be installed on the device, and the exported activity must be triggered by another app.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Competitors or malicious actors gain detailed technical specifications and release timelines for unreleased products, enabling market manipulation, intellectual property theft, or targeted attacks against future devices.

🟠 Likely Case

Curious users or security researchers discover the hidden page and share information about upcoming devices online before official announcements.

🟢 If Mitigated

Limited exposure with only technical details leaked, no customer data or system access compromised.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A detailed proof-of-concept is available in a GitHub repository, showing how to trigger the exported activity.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Users should uninstall the app until the vendor releases a fixed version.

🔧 Temporary Workarounds

Uninstall vulnerable app (Android)

Remove the Meatmeet Android app version 1.1.2.0 from all devices, using either of the following:

  • ADB: adb uninstall com.meatmeet.app
  • Manual uninstall via Android settings

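Restrict app permissions (Android)

Disable unnecessary permissions to limit what the app can access. Runtime permissions do not control whether another app can start an exported activity, so this reduces the app's reach but does not close the exposure itself.

Go to Settings > Apps > Meatmeet > Permissions > Disable all permissions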

🧯 If You Can't Patch

  • Monitor for unusual app behavior or unexpected activity launches
  • Isolate devices with the app from accessing sensitive corporate resources

🔍 How to Verify

Check if Vulnerable:

Check app version in Android settings: Settings > Apps > Meatmeet > App info. If version is 1.1.2.0, it's vulnerable.

Check Version:

adb shell dumpsys package com.meatmeet.app | grep versionName

Verify Fix Applied:

Install the updated version from the official app store and verify that the version number is higher than 1.1.2.0.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected activity launches in Android logs
  • Intent broadcasts to Meatmeet app from unknown sources

Network Indicators:

  • No network indicators - this is a local app vulnerability

SIEM Query:

No SIEM query applicable as this is a mobile app vulnerability
