CVE-2025-65830 — CRITICAL (9.1)

Vulnerability Description

Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and modify the requests in transit. This may result in a total compromise of the user's account if the attacker intercepts a request with active authentication tokens or cracks the MD5 hash sent on login.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Meatmeet	Meatmeet	1.1.2.0

Related Weaknesses (CWE)

CWE-295

References

https://gist.github.com/dead1nfluence/4dffc239b4a460f41a03345fd8e5feb5#file-lackThird Party Advisory
https://github.com/dead1nfluence/Meatmeet-Pro-Vulnerabilities/blob/main/Mobile-AThird Party Advisory

FAQ

What is CVE-2025-65830?

CVE-2025-65830 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Due to a lack of certificate validation, all traffic from the mobile application can be intercepted. As a result, an adversary located "upstream" can decrypt the TLS traffic, inspect its contents, and...

How severe is CVE-2025-65830?

CVE-2025-65830 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-65830?

Check the references section above for vendor advisories and patch information. Affected products include: Meatmeet Meatmeet.