CVE-2025-64304
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-25
Last updated on: 2025-11-25
Assigner: JPCERT/CC
Description
Description
"FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to retrieve the cryptographic keys.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fod | app | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability involves the "FOD" App using hard-coded cryptographic keys. This means the cryptographic keys are embedded directly in the app's code, which may allow a local unauthenticated attacker to retrieve these keys.
How can this vulnerability impact me? :
If an attacker retrieves the hard-coded cryptographic keys, they could potentially decrypt sensitive data or impersonate the app, leading to a loss of confidentiality. However, the vulnerability requires local access and does not affect integrity or availability.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70