CVE-2025-65827 — CRITICAL (9.1)

Vulnerability Description

The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, inspect its contents, and modify the requests in transit. TThis may result in a total compromise of the user's account if the attacker intercepts a request with active authentication tokens or cracks the MD5 hash sent on login.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Meatmeet	Meatmeet	1.1.2.0

Related Weaknesses (CWE)

CWE-319

References

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-cleaThird Party Advisory
https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-AThird Party Advisory

FAQ

What is CVE-2025-65827?

CVE-2025-65827 is a vulnerability with a CVSS score of 9.1 (CRITICAL). The mobile application is configured to allow clear text traffic to all domains and communicates with an API server over HTTP. As a result, an adversary located "upstream" can intercept the traffic, i...

How severe is CVE-2025-65827?

CVE-2025-65827 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-65827?

Check the references section above for vendor advisories and patch information. Affected products include: Meatmeet Meatmeet.