CVE-2025-41458
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-07-22
Assigner: cirosec GmbH
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| two_app_studio | journey | 5.5.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include encrypting the local data stored by the app using SQLCipher, securely storing encryption keys in the iOS keychain with Secure Enclave protection, and disabling or regularly cleaning the Write-Ahead Log (WAL) files to prevent recovery of deleted sensitive data. Since the vendor has not fixed the issue, users should also consider restricting local access to the device filesystem and avoid using vulnerable versions (5.5.6 through 5.5.9) of the app until a patch is available. [1]
Can you explain this vulnerability to me?
This vulnerability in Two App Studio Journey v5.5.9 for iOS involves unencrypted storage of sensitive data in the app's SQLite database and its Write-Ahead Log (WAL) file. Local attackers with access to the device's filesystem can extract sensitive information such as diary entries, authentication tokens, and cryptographic material because the data is stored without encryption. The WAL file can also retain sensitive data even after deletion, increasing the risk of data exposure. [1]
How can this vulnerability impact me? :
The vulnerability allows local attackers with low privileges to access and extract highly confidential data stored by the app, including personal diary entries and authentication tokens. This can lead to privacy breaches and unauthorized access to user accounts or sensitive information. Since the data is unencrypted, attackers can easily retrieve this information from the device's filesystem without needing user interaction. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by inspecting the app's filesystem on the iOS device for the presence of the unencrypted SQLite database and its Write-Ahead Log (WAL) file used by Two App Studio Journey versions 5.5.6 through 5.5.9. Commands to check for these files could include using a file browsing tool or iOS device management commands to access the app's sandbox directory and list database files. For example, using a jailbroken device or appropriate iOS debugging tools, one might use commands like 'ls' to list files in the app's Documents or Library directory, looking specifically for the SQLite database and WAL files. Extracting and inspecting these files can confirm if sensitive data is stored unencrypted. [1]