CVE-2025-65827

9.1 CRITICAL

📋 TL;DR

This CVE describes a mobile application vulnerability where the app allows clear text HTTP traffic to all domains, enabling man-in-the-middle attacks. An attacker can intercept, inspect, and modify traffic between the app and its API server, potentially compromising user accounts. All users of the vulnerable mobile application are affected.

💻 Affected Systems

Products:
  • Meatmeet Pro mobile application
Versions: All versions prior to fix
Operating Systems: Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists when android:usesCleartextTraffic is set to true or network security config allows HTTP.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover if attacker intercepts authentication tokens or cracks MD5 hashed credentials, leading to unauthorized access, data theft, and potential lateral movement.

🟠 Likely Case

Session hijacking, credential theft, and manipulation of API requests resulting in unauthorized actions or data exposure.

🟢 If Mitigated

Limited impact with proper TLS enforcement and network segmentation, though some risk remains from internal threats.

🌐 Internet-Facing: HIGH - Mobile apps often connect over public networks where MITM attacks are feasible.
🏢 Internal Only: MEDIUM - Internal networks still vulnerable to insider threats or compromised devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Attack requires network position to intercept traffic; tools like Burp Suite or mitmproxy can be used.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in references

Restart Required: Yes

Instructions:

1. Update the mobile application to a version that enforces HTTPS only.
2. In AndroidManifest.xml, set android:usesCleartextTraffic="false".
3. Implement a Network Security Configuration that requires TLS.
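The Android side of steps 2 and 3, as an added example that is not the vendor's code: the manifest opts out of cleartext globally, and the network security configuration denies HTTP for every host and pins the API domain (the "certificate pinning" workaround). The host name example-api.invalid and the pin digests are placeholders.

```xml
<!-- AndroidManifest.xml (excerpt): disable cleartext app-wide and reference the
     network security configuration. Network Security Configuration is supported
     on Android 7.0 (API level 24) and higher. -->
<application
    android:usesCleartextTraffic="false"
    android:networkSecurityConfig="@xml/network_security_config">
    <!-- activities, services, ... unchanged -->
</application>

<!-- res/xml/network_security_config.xml -->
<network-security-config>
    <!-- Default for every domain not listed in a domain-config below:
         plain HTTP is refused, only the system CA store is trusted. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- API host (placeholder name): cleartext refused and the server key pinned,
         so a certificate from a compromised or rogue CA is also rejected.
         A backup pin and an expiration date keep a planned key rotation from
         locking users out; the digests below are placeholders, not real pins. -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">example-api.invalid</domain>
        <pin-set expiration="2027-01-01">
            <pin digest="SHA-256">REPLACE_WITH_BASE64_SHA256_OF_SERVER_SPKI=</pin>
            <pin digest="SHA-256">REPLACE_WITH_BASE64_SHA256_OF_BACKUP_SPKI=</pin>
        </pin-set>
    </domain-config>
</network-security-config>
```

With this configuration in place, any http:// URL the app requests fails at the platform layer instead of silently going out in the clear, which is also the behaviour the "Verify Fix Applied" check below should observe.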

🔧 Temporary Workarounds

  • Enforce HTTPS at the network layer (applies to: all): use a firewall or proxy to block HTTP traffic to the API domains.
  • Certificate pinning (applies to: all): implement certificate pinning in the app to prevent MITM even if TLS is bypassed.

🧯 If You Can't Patch

  • Restrict app usage to trusted networks only (corporate VPN/WiFi)
  • Implement mobile device management (MDM) to enforce security policies

🔍 How to Verify

Check if Vulnerable:

Use network monitoring tools (Wireshark, mitmproxy) to see if app communicates over HTTP; check AndroidManifest.xml for usesCleartextTraffic setting.

Check Version:

Check app version in settings; no specific command provided in references.

Verify Fix Applied:

Confirm all API calls use HTTPS; test with MITM tools to verify traffic cannot be intercepted in plain text.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to API endpoints
  • Failed TLS handshakes followed by HTTP fallback

Network Indicators:

  • Plain text traffic to API domains on port 80
  • Lack of TLS encryption in mobile app traffic

SIEM Query:

source="firewall" dest_port=80 AND (dest_ip=api_server_ip) AND app="mobile_app_name"

🔗 References
