CVE-2025-65832
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-65832, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-12-10

Last updated on: 2025-12-12

Assigner: MITRE

Description

The mobile application insecurely handles information stored within memory. By performing a memory dump on the application after a user has logged out and terminated it, Wi-Fi credentials sent during the pairing process, JWTs used for authentication, and other sensitive details can be retrieved. As a result, an attacker with physical access to the device of a victim can retrieve this information and gain unauthorized access to their home Wi-Fi network and Meatmeet account.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-12-10
Last Modified
2025-12-12
Generated
2026-07-06
AI Q&A
2025-12-11
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
meatmeet meatmeet *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-316 The product stores sensitive information in cleartext in memory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, ensure that the mobile application securely handles sensitive information in memory by clearing or encrypting it immediately upon logout and termination. Additionally, restrict physical access to devices to prevent unauthorized memory dumps. Consider updating the application to a version that addresses this issue once available.

Executive Summary

This vulnerability occurs because the mobile application insecurely handles sensitive information stored in memory. After a user logs out and terminates the app, an attacker with physical access to the device can perform a memory dump to retrieve Wi-Fi credentials used during pairing, JWTs for authentication, and other sensitive data.

Impact Analysis

An attacker with physical access to your device can extract sensitive information such as your home Wi-Fi credentials and authentication tokens, potentially allowing unauthorized access to your home network and Meatmeet account.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65832. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart