{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2909", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2025-03-28T10:32:51.760Z", "datePublished": "2025-03-28T12:51:54.150Z", "dateUpdated": "2025-03-28T13:47:34.455Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DuoxMe iOS application", "vendor": "Fermax", "versions": [{"lessThan": "3.3.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Fermax cybersecurity team"}], "datePublic": "2025-03-28T11:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information."}], "value": "The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2025-03-28T12:57:34.919Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fermax-mobile-applications"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The vulnerabilities have been fixed by the Fermax team in version 3.3.1 of the iOS DuoxMe application and in version 2024-09 for the authentication and call forwarding services in MeetMe products."}], "value": "The vulnerabilities have been fixed by the Fermax team in version 3.3.1 of the iOS DuoxMe application and in version 2024-09 for the authentication and call forwarding services in MeetMe products."}], "source": {"discovery": "INTERNAL"}, "title": "Lack of encryption vulnerability in DuoxMe", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-28T13:47:27.174529Z", "id": "CVE-2025-2909", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T13:47:34.455Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2909", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-28T13:47:27.174529Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T13:47:31.372Z"}}], "cna": {"title": "Lack of encryption vulnerability in DuoxMe", "source": {"discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Fermax cybersecurity team"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Fermax", "product": "DuoxMe iOS application", "versions": [{"status": "affected", "version": "0", "lessThan": "3.3.1", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The vulnerabilities have been fixed by the Fermax team in version 3.3.1 of the iOS DuoxMe application and in version 2024-09 for the authentication and call forwarding services in MeetMe products.", "supportingMedia": [{"type": "text/html", "value": "The vulnerabilities have been fixed by the Fermax team in version 3.3.1 of the iOS DuoxMe application and in version 2024-09 for the authentication and call forwarding services in MeetMe products.", "base64": false}]}], "datePublic": "2025-03-28T11:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fermax-mobile-applications"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.", "supportingMedia": [{"type": "text/html", "value": "The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "CWE-312 Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2025-03-28T12:57:34.919Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2909", "state": "PUBLISHED", "dateUpdated": "2025-03-28T13:47:34.455Z", "dateReserved": "2025-03-28T10:32:51.760Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2025-03-28T12:51:54.150Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information."}], "id": "CVE-2025-2909", "lastModified": "2025-03-28T18:11:40.180", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cve-coordination@incibe.es", "type": "Secondary"}]}, "published": "2025-03-28T13:15:41.387", "references": [{"source": "cve-coordination@incibe.es", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fermax-mobile-applications"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "cve-coordination@incibe.es", "type": "Primary"}]}

{}

{}