CVE-2025-65826
BaseFortify
Publication date: 2025-12-10
Last updated on: 2025-12-30
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meatmeet | meatmeet | 1.1.2.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a mobile application that contains stored credentials for the network it was developed on. An attacker who retrieves these credentials and locates the physical Wi-Fi network could gain unauthorized access. Additionally, if an attacker is physically near the device during its initial setup, they could force the device to auto-connect to a malicious access point by mimicking the SSID and password found in the firmware.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to the vendor's Wi-Fi network, potentially allowing attackers to intercept network traffic, access sensitive information, or launch further attacks within the network. It also risks the device connecting to a malicious access point controlled by an attacker, which could compromise device security and data integrity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately remove any stored credentials from the mobile application and firmware. Ensure that the device does not auto-connect to unknown or attacker-controlled access points by verifying and changing the SSID and password settings. Additionally, restrict physical access to the device during setup to prevent attackers from forcing auto-connections to malicious access points.