"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

References
History

Tue, 02 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Google
Google android
Gunosy
Gunosy gunosy
Vendors & Products Apple
Apple ios
Google
Google android
Gunosy
Gunosy gunosy

Tue, 02 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 02 Sep 2025 07:45:00 +0000

Type Values Removed Values Added
Description "Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).
Weaknesses CWE-201
References
Metrics cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2025-09-02T13:49:26.120Z

Reserved: 2025-08-27T02:46:14.686Z

Link: CVE-2025-44017

cve-icon Vulnrichment

Updated: 2025-09-02T13:49:23.025Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-09-02T08:15:30.977

Modified: 2025-09-02T15:55:25.420

Link: CVE-2025-44017

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-02T15:23:02Z